------------------------------

From: Ah, sordid
Subject: From the Mailbag
Date: 3 June, 1991

********************************************************************
***  CuD #3.19: File 2 of 4: From the Mailbag                    ***
********************************************************************

From: "76476.337@compuserve.com \"Robert McClenon\"
Subject: Rose and Morris Sentences
Date: 20 May 91 23:34:49 EDT

Here are my thoughts on the Len Rose sentencing.

The sentence imposed on Rose should be compared not only to those of
others caught in Sun Devil cases, such as Riggs, Darden, and Grant, but
to that of Robert Morris Jr. Rose, Riggs, Darden, and Grant were all
given disproportionate sentences compared to Morris. Alternatively,
Morris was given an absurdly light sentence of community service
compared to Rose or Riggs.

Rose, Riggs, Darden, and Grant were sent to prison. Morris was given
community service.

Rose, Riggs, Darden, and Grant were prosecuted for what they are
presumed to have been trying to do. They never did material harm.
Morris was prosecuted for what he did. It is not established exactly
what he was trying to do, but he did substantial actual harm.

If Riggs, Darden, and Grant were in fact trying to do what it is
alleged that they were trying to do, then they were trying
unsuccessfully to do what Morris did (with or without trying): to
degrade a network to the point of unavailability. That is the worst
explanation of what Riggs and others were trying to do in the E911
case. That is what Morris actually did to the Internet on one dreadful
November day.

Why were Rose and Riggs dealt with more harshly than Morris? Maybe
prosecutors don't understand what the Internet is but they understand
what a conventional telephone company is. Conceptually the Internet is
a digital telegraph company, not very different from a telephone
company.

By the way, I don't buy the argument, expressed repeatedly in various
digests, that Rose was really only guilty of copyright violations and
not of a crime. Look at the FBI warning on any rented videotape.
Copyright infringement is a crime, punishable by 5 years in prison.
The issue is not whether Rose committed a crime. The issue is equity in
sentencing. Rose committed a crime. Riggs committed a crime. Morris
committed a crime. The sentences were disproportionate.

Maybe Morris got off lightly compared to Riggs because no one knows
exactly what Morris's intentions were, while the Legion of Doom talked
at interminable length about theirs. I submit that no one really knows
what the real intentions of the Legion of Doom were either. Hackers
often engage in grandiose talk. Pranksters and vandals often say
nothing. Neither talk at length nor the failure to discuss one's
motives is necessarily informative. Also, no one knows what Rose's
ultimate motives were. Presumably he was planning to capture passwords,
but that does not indicate what he planned to do with them.

Morris's real motives are unknown. Rose's real motives are unknown.
Riggs's real motives are unknown, eclipsed by the wild hacker rhetoric.
The difference is that Morris did real harm. Either Morris should have
gone to jail or Rose and Riggs should have gotten community service.

I think all three should have been fined heavily. They were. I think
all three should have been given community service. Morris was.
Alternatively, all three should have been jailed. Two were. Morris did
real harm. Rose didn't. The disparity isn't fair.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

From: Eric_R_Smith@CUP.PORTAL.COM
Subject: Stage.dat, Protections, and FluShotPlus
Date: Thu, 23 May 91 17:46:52 PDT

One of the problems in the recent controversy about Prodigy's STAGE.DAT
file has been that many would-be testers simply didn't have the tools
to catch Prodigy red-handed.
Instead of all the effort spent re-installing the software on
supposedly virgin diskettes and hard disk subdirectories, we can use
some readily available software to do a more thorough job.

Although there are other pieces of code that will work as well, I chose
the virus-guard FluShotPlus as my trapping program. [FluShotPlus may be
downloaded from the author, Ross Greenberg's BBS at (212) 889-6438. A
commercial version of the program called Virex-PC is available in the
usual locations.]

FluShotPlus works by watching key areas of your system and then
alerting you when a program does not behave according to YOUR rules.
Your rules are established in a file called FLUSHOT.DAT placed in your
root directory. Another utility in the FSP package will allow you to
change the name and location of this file for greater security, but
let's stick to the default for purposes of this explanation. Let's also
assume that we have installed PRODIGY in C:\PRODIGY. Assuming those
conditions, here is a sample FLUSHOT.DAT file that will protect your
system and monitor file use.

----------------------- CUT HERE -------------------------------
R=C:\*.*
W=C:\*.*
E=C:\PRODIGY\CACHE.DAT
E=C:\PRODIGY\CONFIG.SM
E=C:\PRODIGY\DRIVER.SCR
E=C:\PRODIGY\KEYS.TRX
E=C:\PRODIGY\LOG_KEYS.TRX
E=C:\PRODIGY\MODEMS.TXT
E=C:\PRODIGY\MODEMSTR.EXE
E=C:\PRODIGY\PRODIGY.EXE
E=C:\PRODIGY\PROFILE.DAT
E=C:\PRODIGY\STAGE.DAT
E=C:\PRODIGY\TLFD0000.*
E=C:\PRODIGY\VDIPLP.TTX
----------------------- CUT HERE -------------------------------

The first two lines prohibit all reads and all writes of all files on
drive C:. Add more lines to protect files on other drives. The rest of
the file consists of EXCEPTION lines -- exceptions to the two rules we
set up in the first two lines. For example, line 3 allows all access to
C:\PRODIGY\CACHE.DAT. Any other file access in C:\PRODIGY will provoke
a bell-warning from FluShotPlus.

With this file situated in the root of C:\, all we need do is fire up
FSP. So far, so good.
This simple setup should allow most Prodigy users to sleep comfortably.

There is one major problem with this setup: FSP does not handle
graphics screens. Thus, its warning screen, alerting you to the type of
access being requested, and the offending program, remain a mystery to
you.

I use a frontend to Prodigy called Prod-Util. It allows me to compose
messages offline and upload them, and to control the screen dumps more
efficiently. It has other features, but those are the only two that I
use. No sooner did I have my FluShot.Dat set up than I started a
Prodigy session and got a bell-warning. I looked all over the subdir,
added the Prod-Util files to the FLUSHOT.DAT list of permitted files
and still I got the warning. What to do now?

I dug into my code archives and came up with DOSWatch, a demo program
that I got from Crescent Software when I purchased their wonderful
BASIC add-on library PDQ. This little library allows me to produce the
smallest BASIC code around. DOSWatch is similar to the other WATCH
programs in the PD: it reports on the activities of the system.

Now, usually, DOSWatch reports directly to the screen. But we still had
the problem of PRODIGY being a graphics-based app. Rather than recode
everything to go into graphics mode, I decided to dump the results of
DOSWatch to a disk file. I would not be able to stop PRODIGY from
looking at my files, but I would know after the session, which files it
had looked at. So I skipped the installation of FluShot in order to let
DOSWatch catch Prodigy red-handed.

And sure enough, a few seconds into the Prodigy program's load, it
opened a file called KEYTRACE.AUT. Innocent enough. Must be a file
where they keep track of where I have been in the system during a
session. So I sent Prodigy tech support a message, asking what
KEYTRACE.AUT did. The message came back that all KEY files are keyboard
interfaces. But they were talking about the .KEY files, not
KEYTRACE.AUT.
So I sent another message asking them to come clean. Tell me what the
specific file KEYTRACE.AUT did, and while they were at it, what did the
different fields in MODEMS.TXT control?

They must have thought I was hacking the system or that something had
gone awry, for the next day, I had a call from Prodigy tech support! He
said again that the file in question was not one of theirs.

Stupid me! I had completely forgotten about little PROD-UTIL, working
in the background. Because I had not given it permission to go TSR on
me, FluShot had dutifully reported it as a violation of my rules.

[By the way, MODEMS.TXT still remains shrouded in mystery. Yes, it is a
comma-separated data file, but its contents and their purpose are a
trade secret. But it only controls S-Registers and the like. Still a
secret.]

Why narrate my tale of embarrassment? To remind all of us who run
fairly complicated setups that we need to eliminate ALL variables and
do thorough testing before we go public with accusations of
impropriety.

If you would like, I can send you a BASIC program that will create the
Watch exe file. I have permission from Crescent to distribute my
amended version of their code.

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************
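
[Added example, not part of the original letter and not FluShotPlus's
own code: a small Python model of the rule file as the letter describes
it (R= and W= lines prohibit access, E= lines exempt files), run over a
constructed list of file accesses. The wildcard matching, the program
names and the event list are assumptions made for illustration.]

```python
from fnmatch import fnmatchcase
# The sample FLUSHOT.DAT from the letter above.
SAMPLE_RULES = r"""
R=C:\*.*
W=C:\*.*
E=C:\PRODIGY\CACHE.DAT
E=C:\PRODIGY\CONFIG.SM
E=C:\PRODIGY\DRIVER.SCR
E=C:\PRODIGY\KEYS.TRX
E=C:\PRODIGY\LOG_KEYS.TRX
E=C:\PRODIGY\MODEMS.TXT
E=C:\PRODIGY\MODEMSTR.EXE
E=C:\PRODIGY\PRODIGY.EXE
E=C:\PRODIGY\PROFILE.DAT
E=C:\PRODIGY\STAGE.DAT
E=C:\PRODIGY\TLFD0000.*
E=C:\PRODIGY\VDIPLP.TTX
"""

def parse_rules(text):
    """Group patterns by rule letter: R (read), W (write), E (exception)."""
    rules = {"R": [], "W": [], "E": []}
    for line in text.splitlines():
        kind, sep, pattern = line.strip().partition("=")
        if sep and kind.upper() in rules and pattern:
            rules[kind.upper()].append(pattern.upper())
    return rules

def check_access(rules, path, mode):
    """mode is 'R' or 'W'; returns 'allow' or 'alert' (the bell-warning)."""
    # Assumption: '*' also spans '\' (C:\*.* covers the drive); names compare in upper case.
    hit = lambda pats: any(fnmatchcase(path.upper(), p) for p in pats)
    if hit(rules["E"]):
        return "allow"      # exception lines override the R=/W= rules
    return "alert" if hit(rules[mode]) else "allow"

# Constructed access events (program, mode, path); not real DOSWatch output.
EVENTS = [
    ("PRODIGY", "R", r"C:\PRODIGY\STAGE.DAT"),
    ("PRODIGY", "W", r"C:\PRODIGY\TLFD0000.001"),
    ("PROD-UTIL", "R", r"C:\PRODIGY\KEYTRACE.AUT"),
    ("PRODIGY", "R", r"C:\WP\LETTER.DOC"),
]

def audit(rules, events):
    return [e for e in events if check_access(rules, e[2], e[1]) == "alert"]

if __name__ == "__main__":
    for program, mode, path in audit(parse_rules(SAMPLE_RULES), EVENTS):
        print(f"ALERT {mode} {path} (by {program})")
```

Keeping the program name next to each alert is what separates a
background helper such as Prod-Util from the program under suspicion.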