Chaos Digest    Monday 18 January 1993    Volume 1 : Number 3

Editor: Jean-Bernard Condat (jbcondat@attmail.com)
Archivist: Yves-Marie Crabbe
Co-Editors: Arnaud Bigare, Stephane Briere

TABLE OF CONTENTS, #1.03 (18 Jan 1993)
File 1--InterNet, Basic Presentation
File 2--CCCF Entry in the Associations Database
File 3--Minitel Pirates Working at France Telecom
File 4--NUAs of European Servers
File 5--Phreaking Acknowledged by France Telecom's General Management
File 6--OECD, Guidelines for the Security of Information Systems

Chaos Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost from jbcondat@attmail.com. The editors may be contacted by voice (+33 1 40101775), fax (+33 1 40101764) or S-mail at: Jean-Bernard Condat, Chaos Computer Club France [CCCF], 47 rue des Rosiers, 93400 St-Ouen, France

Issues of Chaos-D can also be found on some French BBS. Back issues also may be obtained from the mail server at jbcondat@attmail.com: all incoming messages containing "Request: ChaosD #x.yy" in the "Subject:" field are answered (x is the volume and yy the issue).

CHAOS DIGEST is an open forum dedicated to sharing French information among computerists and to the presentation and debate of diverse views. ChaosD material may be reprinted for non-profit as long as the source is cited. Some authors do copyright their material, and they should be contacted for reprint permission. Readers are encouraged to submit reasoned articles in French, English or German languages relating to computer culture and telecommunications. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Chaos Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections.
----------------------------------------------------------------------

Date: Fri Nov 20 14:25:16 CDT 1992
From: NPRESTON@SUVM.ACS.SYR.EDU (Nancy Preston)
Subject: File 1--InterNet, Basic Presentation
Copyright: "ERIC Digests are in the public domain and may be freely reproduced and disseminated".

ERIC DIGEST

ERIC Clearinghouse on Information Resources
EDO-IR-92-7
Syracuse University
September 1992
Syracuse, New York 13244-2340
Phone: (315) 443-3640
Fax: (315) 443-5448
Internet: ERIC@SUVM.ACS.SYR.EDU

INTERNET BASICS
By Roy Tennant

This digest briefly describes the Internet computer network, the physical connections and logical agreements that make it possible, and the applications and information resources the network provides.

The Internet

The Internet is a worldwide network of computer networks. It is comprised of thousands of separately administered networks of many sizes and types. Each of these networks is comprised of as many as tens of thousands of computers; the total number of individual users of the Internet is in the millions. This high level of connectivity fosters an unparalleled degree of communication, collaboration, resource sharing, and information access. In the United States, the National Science Foundation Network (NSFNet) comprises the Internet "backbone" (a very high speed network that connects key regions across the country). The NSFNet will likely evolve into the National Research and Education Network (NREN) as defined in the High-Performance Computing Act of 1991 (P.L. 102-194, signed into law by President Bush on December 9, 1991).

Physical Connections and Logical Agreements

For the Internet to exist, there must be connections between computers and agreements on how they are to communicate. Connections can consist of any of a variety of communication media or methods: metal wires, microwave links, packet radio or fiber optic cables.
These connections are usually established within areas or regions by the particular networking organization with authority or economic interest in that area. For example, a university academic department may lay Ethernet cable to connect its personal computers and workstations into a local area network (LAN), which is then connected to the cables the campus laid to connect its buildings together, which is then linked to cables laid by a regional network, which itself ties into the NSFNet backbone, the infrastructure for which was funded by the U.S. government. Therefore the path between any two points on the Internet often traverses physical connections that are administered by a variety of independent authorities.

For disparate computers (from personal computers to mainframes) to communicate with other computers over a network, there must be agreements on how that should occur. These agreements are called communication protocols. At present, the Transmission Control Protocol/Internet Protocol (TCP/IP) suite of protocols defines how Internet computers are to communicate. In the future, the Open Systems Interconnection (OSI) suite of protocols promulgated by the International Standards Organization (ISO) may be supported on the Internet as well. These protocols define how certain applications are to be accomplished: electronic messaging, online connections, and the transfer of files.

Electronic Mail

Electronic mail, or e-mail, is a fast, easy, and inexpensive way to communicate with other Internet users around the world. In addition, it is possible for Internet users to exchange e-mail with users of other independent networks such as CompuServe, Applelink, the WELL, and others. Internet users often find that the expanded capability to communicate with colleagues around the world leads to important new sources of information, collaboration, and professional development.
Besides basic correspondence between two network users, e-mail presents additional opportunities for communication. Through various methods for distributing e-mail messages to lists of "subscribers," e-mail supports electronic discussions on a wide range of topics. These discussions bring together like-minded individuals who use such forums for discussing common problems, sharing solutions, and arguing issues.

Another type of electronic communication that is growing in popularity is the electronic journal, or "e-journal." Although some e-journals require certain types of software and hardware to display each issue, most e-journals are distributed to a list of subscribers as an e-mail text message, either complete as one issue, or retrievable at the article level by mailing a command to a software program that automatically sends the appropriate file. The very definition of a "journal" is undergoing change in the electronic environment, as e-journal publishers experiment with different publication models (e.g., sending articles out individually as soon as they are ready rather than waiting until a group of articles are gathered for an "issue").

Remote Login

Remote login is the ability of a computer user in one location to establish an online connection with another computer elsewhere. Once a connection is established with a remote computer, the user can use that remote system as if their computer were a hard-wired terminal of that system. Within the TCP/IP protocol suite, this facility is called Telnet. Utilizing Telnet, an Internet user can establish connections with a multitude of bibliographic databases (primarily library catalogs), campus information systems of various universities, full-text databases, data files (e.g., statistics, oceanographic data, meteorologic data, geographic data, etc.), and other online services. Many of these systems are available for any Internet user to access and use without an account.
What makes this application truly remarkable is that ease and speed of access are not dependent upon proximity. An Internet user can connect to a system on the other side of the globe as easily as (and generally not much slower than) he or she can connect to a system in the next building. In addition, since many Internet users are not at present charged for their network use by their institutions, or at least are not charged by the level of their use, cost is often not a significant inhibitor of usage. Therefore the barriers of distance, time and cost, which are often significant when using other forms of electronic communication, can be reduced in the Internet environment. A compensating disadvantage is that initial costs for Internet connection can be high, and access can be technically demanding.

File Transfer

Another application of the Internet is the ability to transfer files from one Internet-connected computer to another. This function is provided by the File Transfer Protocol (FTP) of the TCP/IP protocol suite. In a method similar to using Telnet, network users initiate an online connection with another Internet computer via FTP. But unlike Telnet, this online connection can perform only functions related to locating and transferring files. This includes the ability to change directories, list files, retrieve files, etc. Types of files that can be transferred using FTP include virtually every kind of file that can be stored on a computer: text files, software programs, graphic images, sounds, files formatted for particular software programs (e.g., files with word processing formatting instructions), and others. Many computer administrators have set aside portions of their machines to offer files for anyone on the Internet to retrieve. These archive sites support "anonymous" logins that do not require an account to access, and therefore are called anonymous FTP sites.
To locate files, Internet users can use the Archie service, which indexes files from over 900 separate anonymous FTP sites (Tennant, 1993).

Extended Services

The three basic Internet applications of electronic mail, remote login, and file transfer are also building blocks of more sophisticated applications that usually offer increased functionality and ease of network use. Tools such as Gopher, WAIS, and World Wide Web go beyond the three basic Internet functions to make information on the network easier to locate and use. Gopher is a project of the University of Minnesota that uses a series of menus to organize and automate access to information and other online systems wherever they reside on the Internet. The Wide Area Information Servers (WAIS) project of Thinking Machines, Apple Computer, Dow Jones & Co., and KPMG Peat Marwick, seeks to provide a common interface to a multitude of Internet databases. World Wide Web is a hypertext interface to Internet information resources that was developed at CERN in Switzerland (Tennant, 1993). This trend toward more powerful, user-friendly networked information resource access systems is likely to continue as the Internet grows and matures.

Future Possibilities

The backbone infrastructure for the United States portion of the Internet (the NSFNet, or the Interim NREN) is largely supported through federal government funding. For this reason, use of the network has been limited to non-profit research and educational uses, and commercial companies have established networking arrangements that avoid using the NSFNet. Most recently, however, dialogues have begun about commercialization and privatization of the NSFNet infrastructure. The full effects of such a move on current Internet users, especially research and educational institutions, have yet to be seen. One certainty is that the breadth of information and the services offered on the Internet will continue to burgeon, at an ever more rapid rate.
Further Reading

Bishop, Ann P. (1991, December). The National Research and Education Network (NREN): Update 1991. ERIC Digest. Syracuse, NY: ERIC Clearinghouse on Information Resources. (EDO-IR-91-9). [Also in ERIC as ED 340 390]

Farley, Laine (Ed.). (1991). Library resources on the Internet: Strategies for selection and use. Chicago, IL: Reference and Adult Services Section, American Library Association.

Kehoe, Brendan P. (1993). Zen and the art of the Internet: A beginner's guide to the Internet. (2nd ed.). Englewood Cliffs, NJ: Prentice Hall.

Lynch, Clifford, & Preston, Cecilia. (1990). Internet access to information resources. In Martha E. Williams (Ed.), Annual review of information science and technology. 26 (pp. 263-312). Medford, NJ: Learned Information.

Malkin, Gary Scott, & Marine, April N. (1992). FYI on questions and answers: Answers to commonly asked "new Internet user" questions. Network Working Group, Request for Comments 1325. [Available through anonymous FTP from host ftp.nisc.sri.com, directory rfc, filename rfc1325.txt]

Polly, Jean Armour. (1992). Surfing the Internet: An introduction. Wilson Library Bulletin. 66(10), 38-42+.

Scientific American. (1991). Special issue: Communications, computers, and networks. 265(3).

Stanton, Deidre E. (1992). Using networked information resources: A bibliography. Perth, WA: Author. [Available through anonymous FTP from host infolib.murdoch.edu.au, directory pub/bib, filename stanton.bib or stanton.bib.wp]

Tennant, Roy; Ober, John; & Lipow, Anne G. (1993). Crossing the Internet threshold: An instructional handbook. Berkeley, CA: Library Solutions Press.

U.S. Congress. (1991). High-Performance Computing Act of 1991. Public Law 102-194, December 9, 1991. Washington, DC: U.S. Government Printing Office.
[Available through anonymous FTP from host nnsc.nsf.net, directory nsfnet, filename nrenbill.txt]

------------------------------

Date: Thu Nov 19 14:30:45 -0500 1992
From: eekim@husc.harvard.edu (Eugene Eric Kim)
Subject: File 2--CCCF Entry in the Associations Database
Copyright: Encyclopedia of Associations, 1992

In the course of a search through American databases, one of our young American correspondents, Eugene Eric Kim, sent us the entry for the CCCF in the file of all associations around the world. Here is its content:

+++++++
07996366 EA ENTRY NO.: 003634 (International Organizations)
Chaos Computer Club France (CCCF)
Boite Postale 8005, F-69351 Lyon Cedex 08, France
Phone: +33 1 40101775, Fax: +33 1 40101764
Jean-Bernard Condat, Gen.Sec.
FOUNDED: 1989. MEMBERS: 72. STAFF: 4. BUDGET: $12,000. LOCAL GROUPS: 7. NATIONAL.
Disseminates information on security products for micro and mini computers. Promotes interest in cryptology (the scientific study of codes and ciphers); will attempt to decipher and format cryptograms. Provides system audits; offers courses on cryptography and industry documentation.
TELECOMMUNICATIONS SERVICES: E-mail: jbcondat@attmail.com.
COMMITTEES: Computer Frauds; Computer Viruses; Spy Instruments; Unix.
PUBLICATIONS: CCCF Newsletter, monthly. * Membership Directory, semiannual. * Proceedings, annual.
CONVENTION/MEETING: annual (with exhibits).
SECTION HEADING CODES: Engineering, Technological, and Natural and Social Sciences Organizations (04)
DESCRIPTORS: Computer Users; Cryptology
+++++++

Don't hesitate to answer me soon :-) Thanks.
Eugene Eric Kim '96, Harvard University
INTERNET: eekim@husc.harvard.edu
"Every man of action has an equal dose of egotism, pride, cunning, and courage." --Charles de Gaulle

------------------------------

Date: Mon Jan 11 14:07:03 MST 1993
From: imp@Boulder.ParcPlace.COM (Warner Losh)
Subject: File 3--Minitel Pirates Working at France Telecom
Copyright: Agence France Presse, 1992

Minitel fraud - Ministries and government departments fall victim to "Minitel pirates": losses of several million francs - PARIS, 1 Oct 92 (250 WORDS)

Government departments and ministries in Paris have in recent months fallen victim to "Minitel pirates" working at France-Telecom, and eight people have been charged, with the total loss estimated at millions of francs, it was learned on Thursday from a reliable source.

A precise estimate of the loss was, the source said, "difficult to establish at the current stage of the investigation".

France-Telecom technicians are suspected of having illegally "tapped into", without the victims' knowledge, the telephone lines used by their Minitel terminals.

They "made extensive use" of these lines, calling for example servers specializing in on-screen games where, the source added, "connections drag on when there is a prize to be won".

The Paris law courts (Palais de Justice) were the first to notice this alleged fraud, which is punishable under the recent computer crime law, on finding a "very high" Minitel bill. It reportedly reached some 800,000 francs over several months. The Senate and the ministries of Foreign Affairs and of the DOM-TOM (overseas departments and territories) are reportedly among the victims.

An investigation was opened and then entrusted to the Paris Brigade financiere (financial crimes squad), which at the start of the week detained some fifteen suspects in the Paris region. Eight of them were brought before Judge Linais on Thursday, then charged and released under judicial supervision. Further charges "could follow" in the coming days, the source concluded.

rb/da

------------------------------

Date: Sun Jan 10 13:00:58 -0500 1993
From: as194@cleveland.Freenet.edu (Doren Rosenthal)
Subject: File 4--NUAs of European Servers

Server                       NUA
---------------------------  ------------------------
ARDIC-CIDA                   175000120
CARTERMILL                   0234233400101
CSPP                         023424126010604
DATA STAR                    0228464110115
DBI                          026245300040020
ECHO                         0270448112
ECODATA                      022846410908014
EPO                          02041170121
ESA-IRS                      175000394  0234219201156
FINSBURY                     0234219200101
FIZ TECHNIK                  026245724740001
GENIOS                       026245400030296
GEOSYSTEMS                   0234290840111
INKA-DATA                    026245724740001
INPADOC                      0232911602323
JURIDIAL                     1061902007
KLUMER DATALEX               02041570020
OPOCE                        0270429200
PROFILE                      0234213300124
QUESTEL                      1061902007
SCICON                       0234290840111
SLIGOS                       192020028
TELECOM GOLD                 023421920100479
THERMODATA                   138020100
---------------------------  ------------------------

To reach one of these computers, it is necessary to obtain Transpac access via 36062424 and to dial the desired NUA, followed, in the case of a non-French system [=NUA beginning with a 0], by "P" and the six-character NUI.

------------------------------

Date: Thu Nov 19 10:38:32 CDT 1992
From: KRIZ@VTVM1.CC.VT.EDU (Harry M. Kriz)
Subject: File 5--Phreaking Acknowledged by France Telecom's General Management
Section: News
Messages, no. 419, November 1992, page 5 (ISSN 0245-6001)

A nasty surprise for subscribers in the northern suburbs of Paris: nearly a thousand of them saw their telephone bills swell as a result of line piracy. On inquiry, it turned out that all of these people owned non-approved cordless telephones.

It should be noted that these devices, often imported from abroad, do not have the same electronic protection as approved telephones. Consequently, nothing prevents a "pirate" equipped with a cordless telephone from positioning himself nearby and finding, by trial and error, an available frequency that he then uses at the subscriber's expense.

To prevent such abuses from recurring, the Direction de la reglementation generale (General Regulation Directorate) of the Ministry of Posts and Telecommunications (P et T) will launch a new information campaign on approval by the end of the year.

------------------------------

Date: Tue 22 Dec 1992 14:19:51 EDT
From: Marc_Rotenberg@WASHOFC.CPSR.ORG (Marc Rotenberg)
Subject: File 6--OECD, Guidelines for the Security of Information Systems

OECD SECURITY GUIDELINES

The Organization for Economic Cooperation and Development (OECD) has adopted international Guidelines for the Security of Information Systems. The Guidelines are intended to raise awareness of the risks in the use of information systems and to establish a policy framework to address public concerns.

A copy of the press release and an excerpt from the Guidelines follow. For additional information or for a copy of the guidelines, contact Ms. Deborah Hurley, OECD, 2 rue Andre-Pascal, 75775 Paris Cedex 16, 33-1-45-24-93-96 (phone) 33-1-45-24-93-32 (fax).

Marc Rotenberg, Director
CPSR Washington office and Member, OECD Expert Group on Information System Security
rotenberg@washoc.cpsr.org

=============================================================

"OECD ADOPTS GUIDELINES FOR THE SECURITY OF INFORMATION SYSTEMS

"The 24 OECD Member countries on 26th November 1992 adopted Guidelines for the Security of Information Systems, culminating almost two years' work by an OECD expert group composed of governmental delegates, scholars in the fields of law, mathematics and computer science, and representatives of the private sector, including computer and communication goods and services providers and users.

"The term information systems includes computers, communication facilities, computer and communication networks and the information that they process. These systems play an increasingly significant and pervasive role in a multitude of activities, including national economies, international trade, government and business operation, health care, energy, transport, communications and education.

"Security of information systems means the protection of the availability, integrity, and confidentiality of information systems. It is an international issue because information systems frequently cross national boundaries.

"While growing use of information systems has generated many benefits, it has also shown up a widening gap between the need to protect systems and the degree of protection currently in place. Society has become very dependent on technologies that are not yet sufficiently dependable. All individuals and organizations have a need for proper information system operations (e.g. in hospitals, air traffic control and nuclear power plants).

"Users must have confidence that information systems will be available and operate as expected without unanticipated failures or problems. Otherwise, the systems and their underlying technologies may not be used to their full potential and further growth and innovation may be prohibited.

"The Guidelines for the Security of Information Systems will provide the required foundation on which to construct a framework for security of information systems. They are addressed to the public and private sectors and apply to all information systems. The framework will include policies, laws, codes of conduct, technical measures, management and user practices, and public education and awareness activities at both national and international levels.

"Several OECD Member countries have been forerunners in the field of security of information systems. Certain laws and organizational and technical rules are already in place.
Most other countries are much farther behind in their efforts. The Guidelines will play a normative role and assist governments and the private sector in meeting the challenges of these worldwide systems. The Guidelines bring guidance and a real value-added to work in this area, from a national and international perspective."

PRINCIPLES

"1. Accountability Principle

"The responsibilities and accountability of owners, providers and users of information systems and other parties concerned with the security of information systems should be explicit.

"2. Awareness Principle

"In order to foster confidence in information systems, owners, providers and users of information systems and other parties should readily be able, consistent with maintaining security, to gain appropriate knowledge of and be informed about the existence and general extent of measures, practices and procedures for the security of information systems.

"3. Ethics Principle

"Information systems and the security of information systems should be provided and used in such a manner that the rights and legitimate interests of others are respected.

"4. Multidisciplinary Principle

"Measures, practices and procedures for the security of information systems should take account of and address all relevant considerations and viewpoints, including technical, administrative, organizational, operational, commercial, educational and legal.

"5. Proportionality Principle

"Security levels, costs, measures, practices and procedures should be appropriate and proportionate to the value of and degree of reliance on the information systems and to the severity, probability and extent of potential harm, as the requirements for security vary depending upon the particular information systems.

"6. Integration Principle

"Measures, practices and procedures for the security of information systems should be co-ordinated and integrated with each other and with other measures, practices and procedures of the organization so as to create a coherent system of security.

"7. Timeliness Principle

"Public and private parties, at both national and international levels, should act in a timely co-ordinated manner to prevent and to respond to breaches of information systems.

"8. Reassessment Principle

"The security of information systems should be reassessed periodically, as information systems and the requirements for their security vary over time.

"9. Democracy Principle

"The security of information systems should be compatible with the legitimate use and flow of data and information in a democratic society."

[Source: OECD Guidelines for the Security of Information Systems (1992)]

------------------------------

End of Chaos Digest #1.03
************************************