**************************************************************************** >C O M P U T E R U N D E R G R O U N D< >D I G E S T< *** Volume 1, Issue #1.18 (June 25, 1990) ** **************************************************************************** MODERATORS: Jim Thomas (Sole moderator: Gordon Meyer on vacation) REPLY TO: TK0JUT2@NIU.bitnet COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. -------------------------------------------------------------------- DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Contributors assume all responsibility for assuring that articles submitted do not violate copyright protections. +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= *************************************************************** *** CuD, Issue #1.18 / File 2 of 5 / Mailbag (3 items) *** *************************************************************** Date: Fri, 22 Jun 90 9:31:10 EDT From: Wes Morgan To: TK0JUT2%NIU.BITNET@UICVM.UIC.EDU Subject: Re: C-u-D, #1.17 Stephen Tihor writes: > >I am interested in ideas with low $ and personnel costs and which will avoid >triggering more vandalism or even unguided explorations. How about *guided* exploration? I would assume that a university with NYU's level of resources has PCs capable of running UNIX. Why not run a series of "Intro to UNIX" and "Intro to C" courses using UNIX PCs? Encourage exploration; after all, there's not much damage to be done with an isolated PC......and the accounts can stick around for months. >=========================================================================== mis@seiden.com(Mark Seiden) writes, in his commentary on the LoD case: >presumably there a precise legal definition of "traffic"? BKEHOE@widener also expressed concern about this issue later in this Digest. This comment applies to both articles. The use of "traffic" in this case has serious implications on ALL computer networks. Consider BITNET; if a user at TECMTYVM sends stolen information to UKCC, are the 12 intermediary site on the path implied accessories? I don't even want to *think* about the uucp network, where it can require passage through 15 or 20 sites to reach some nodes. Consider the frightening ease with which both BITNET and UNIX mail can be forged. Consider the CP TRANSFER command; a little reading should make its potential clear. The potential for monitoring network traffic is also large. The simple command "sm cmd ohstvma q psuvm q" will allow me to see the destination of every file travelling that link, one of BITNET's busiest. A number of products (LANalyzer, Sniffer) allow their users the ability to track, capture, and decode packets travelling on almost *any* network. It's a simple matter to track usage of any network; how soon before we see official "Sniffer Stations", driven by AI routines, watching and ana- lyzing our network usage constantly? >Are you still able/willing to make the entire archives available to, say, >counsel needing access for trial preparation? how about to someone who >will be testifying before Congress (who are holding hearings in mid-July on >this subject)? A related question: If a public document (i.e., PHRACK) is used as evidence in a closed trial, does that restrict distribution on ALL copies of that PUBLIC document? This seems somewhat akin to intro-ducing the Louisville Courier-Journal as evidence, expecting all the libraries to hastily pull the appropriate issues from the shelves. Are there any attorneys on this list who would offer an opinion in this matter? BKEHOE@widener writes, in his comments on the Neidorf indictment: > >2) Counts 3 and 4 were about as vague as anything I've read. From my >interpretation, the counts are charging them with conspiring to perform the >E911 "theft" via email. Does that then mean that if I were to write to >someone with a scheme to break into a system somewhere, that I could be >held accountable for my plans? Is the discussion of performing an illegal >act of and in itself illegal? Sure, if that break-in actually happens. You'd be liable under that wonderful "conspiracy" clause. If the fellow with whom you discussed the scheme subsequently discussed it with another individual, who actually committed the crime, you could certainly be tracked down and charged as a co-conspirator . This is the sort of thing that makes me wary when users ask for explanations of telnet/cu/ftp/et cetera.... I just point them at the manuals, so they can't attribute *ANYTHING* to me. >4) Finally, I must wonder how many more charges may be pulled up between >now and the time of the trial, if that gem about transmitting Phrack 22 was >so suddenly included. Will every Phrack be dug through for any "possibly" >illegal information? Certainly! You know that those lists of bbs numbers imply that Neidorf connected to EACH AND EVERY ONE of them, dispensing his ILLEGAL information! >If I were to write up a file based on the >information in Dave Curry's Unix Security paper, using language that >"incites devious activity" (a.k.a. encourages people to go searching for >holes in every available Unix system they can find), can I be held >accountable for providing that information? Well, how about this situation? I'm the de facto "security guru" for my site. Should I attempt break-ins of machines under my domain? Am I vio- lating the law? Am I liable, even though I have no malicious intent? Needless to say, I have stopped all such activity until these points are ironed out. >Well, that's enough for now...I'm interested in hearing other peoples' >opinions on all of this. I'm sure I'm not the only one out here who gets >mildly PO'd each time I hear about a new result of Operation Sun Devil (and >the associated fever). Well, I wonder if anyone's planning a "Introduction to Modern Computing" course for the judiciary. I still don't understand how people such as Neidorf, Riggs, and Rose can be tried by a "jury of their peers". I'd like to see the records of the _voir dire_ (jury selection) process. How many of the prospective jurors do you think will be able to truly under- stand the concepts involved? Would you care to explain password security to a 2nd grade teacher or bus driver? I mean no slight to these people, but their presence on a jury in a computer case is like asking me to serve on a jury for a case involving particle physics! For that matter, will the defense attorney have a chance to object to the definitions given various terms by the prosecutors in open court? Hardly. Wes Morgan -- The opinions expressed above are not those of UKECC unless so noted. Wes Morgan % %rutgers,rayssd,uunet%!ukma!ukecc!morgan +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Date: Fri, 22 Jun 90 16:22:22 EDT From: josephl@wb3ffv.ampr.org To: tk0jut2 ->->->->->->->->-> A NETWORKER'S JOURNAL ->->->->->->->->->->-> Vol. 5 June 22, 1990 No. 42 ALAN BECHTOLD PLANS MODEM USERS ASSOCIATION Alan Bechtold, president of BBS Press Service, has launched a new non-profit organization called the Modem User's Association of America that he says will be active in cases in which phone companies propose rates that affect telecomputerists. MUAA intends to be a clearing house for information of interest to users and operators of computer bulletin board systems. It also hopes to link local and regional modem user groups into a nationwide network and set up a lobbying effort in Washington to push for legislation favorable to modem users. Bechtold says that so far the greater interest has come from people in states currently affected by changes in phone company rates, including Indiana and Texas. The group's legal and lobbying support for the first year is being offered by a Washington, D.C., group, Bechtold said. For more information about the group, you may call 913/478-9239. -------------------------------------------------------------------- UNCLE SAM OFFERS SECURITY GUIDES Computer security guides, mandated by the Computer Security Act of 1987, are being distributed by the National Institute of Standards and Technology. They address viruses, data integrity and general system security. The guides are available from the Government Printing Office or directly from the NIST Computer Security Board. To check it out, make a modem call to 301/948-5717. Three of the guides cover security questions posed by executives, managers and users, while the fourth is intended to assist federal agencies in developing security training programs. U.S. SUPREME COURT PREPARES TO BEGIN ELECTRONIC TRANSCRIPTIONS Starting next month, the U.S. Supreme Court's decisions and supporting options will be electronically transmitted to computer networks operated by 12 court-approved organizations as part of its new "Project Hermes," a 2-year experiment. Writing in CompuServe's Online Today electronic publication this week, James Moran notes that of the organizations directly receiving the Court transmissions, one is a non-commercial, non-profit, consortium made up of Case Western Reserve University, EDUCOM, and the National Public Telecomputing Network. EDUCOM later will transmit the opinions to Internet and BITNET for general distribution, as well as to NPTN which will distribute copies to affiliated community computer systems. Says Moran, "When the Supreme Court is ready to release an opinion, a computer at the Supreme Court Building in Washington will simultaneously open 12 telephone lines and transmit copies to the 12 primary information distributors. Subsequently, the distributors will make the Court's decisions available to other interested parties." For more information, send your name, organization or firm, address, city, state, and zip, to Project Hermes, CWRU Community Telecomputing Lab, 319 Wickenden Building, Cleveland, OH 44106. * * * A NETWORKER'S JOURNAL is a weekly feature by Charles Bowen%ment -------------------------------------------------------------------- To: tk0jut2 Subject: Re: Update: Alcor Life Extension Email Litigation Date: Sat, 23-Jun-90 12:08:07 PDT Update on the progress in the Alcor/email case as of June, 1990: by H. Keith Henson A suit under section 2707 of U.S.C. title 18 (the Electronic Communications Privacy Act) against a number of individuals in the Riverside, California Coroner's office, the District Attorney's office, and the Riverside police department was filed Jan. 11, 1990, one day short of the statutory limit. There were fifteen plaintiffs out of roughly fifty people who had email on the Alcor system. For those of you who are not familiar with the case, the coroner removed a number of computers from Alcor in connection with an investigation into the cryonic suspension of Dora Kent in December, 1987. The defendants moved in March for a dismissal of the case, arguing that 1) the warrant for the computer was enough to take any email found within it, and 2) that even if the defendants had made "technical" errors in confiscating the email, they should be protected because they acted in "good faith." Our lawyer opposed the motion, arguing that the warrant originally used was itself defective, even for taking the computers. This is something Alcor had never done, because (I think) people can only object to a warrant after charges have been filed, and for all the accusations the coroner and DA made in the press (which included murder, drugs, theft, and building code violations), no charges have been filed in this case in the last two and a half years. The federal judge assigned to the case denied the motion after hearing oral arguments in May. Based on the comments of the judge from the bench, it seems that he agrees that the plaintiffs have a case, namely that taking email requires a warrant for the email, or the persons doing so will face at least civil liability. So far the legal bill stands at over $10,000. Suggestions as to organizations or individuals who might be interested in helping foot the bills would be welcome. (Donations would be returnable if we won the case and the county has to pay our legal bills as required in section 2707.) The text of the legal filings (40k, three files) have been posted to CuD. If you can't get CuD, they are available by email from hkhenson@cup.portal.com =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ + END THIS FILE + +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=  Downloaded From P-80 International Information Systems 304-744-2253 12yrs+