Computer underground Digest Wed Nov 4, 1992 Volume 4 : Issue 55 Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe Shadow-Archivists: Dan Carosone / Paul Southworth / Ralph Sims Copy Editor: Etaion Shrdlu, Jnuroir CONTENTS, #4.55 (Nov 4, 1992) File 1--More on "Little Black Book of Comp. Viruses" File 2--Clinton Endorses Right to I File 3--Electronic Privacy and Canadian Law File 4--Computer Access Arrests In NY (NEWSBYTES reprint ((CR)) File 5--Tripwire "Integrity Monitor" Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT libraries; from America Online in the PC Telecom forum under "computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; in Europe from the ComNet in Luxembourg BBS (++352) 466893; and using anonymous FTP on the Internet from ftp.eff.org (192.88.144.4) in /pub/cud, red.css.itd.umich.edu (141.211.182.91) in /cud, halcyon.com (192.135.191.2) in /pub/mirror/cud, and ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD. Back issues also may be obtained from the mail server at mailserv@batpad.lgb.ca.us. European distributor: ComNet in Luxembourg BBS (++352) 466893. COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Some authors do copyright their material, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- From: jbcondat@ATTMAIL.COM Date: 31 Dec 69 23:59:59 GMT Subject: File 1--More on "Little Black Book of Comp. Viruses" After the publication in CuD #4.52 (Sun Oct 18, 1992) of the "File 5--Making the news and Bookstands (Reprint)", I receive an incredible number of well-argumented reactions. The French translation of the Mark Ludwig's book, cited as followed in the Library of Congress' general catalog ++++++ 01351245 2092974XX STATUS: Active entry TITLE: The Little Black Book of Computer Viruses, Vol. 1: Technical Aspects AUTHOR: *Ludwig, Mark A.* PUBLISHER: Amer Eagle Pubns Inc PUBLICATION DATE: 02/1991 (910201) EDITION: Orig. Ed. NO. OF PAGES: 192p. LCCN: N/A BINDING: pap. - $14.95 ISBN: 0-929408-02-0 VOLUME(S): N/A ORDER NO.: N/A IMPRINT: N/A STATUS IN FILE: New (90-06) SUBFILE: PB (Paperbound Books in Print); ST (Scientific and Technical Books and Serials in Print) PAPERBOUND BOOK SUBJECT HEADINGS: TECHNOLOGY- COMPUTERS AND COMPUTER TECHNOLOGY (0000456X) +++++ is already in France on of the most critical publication of this winter. All weeks, some critics are available in the press... and the Chaos Computer Club France is consider as an humor organization, without any ethics :-) Some e-mail reactions of so-called specialists of computer viruses are absolute full of humor. I give you one overview of the style. ACADEMIC AND WITHOUT REQUIRED-ANSWER From: bontchev@fbihh.informatik.uni-hamburg.de (Vesselin Vladimirov Bontchev ) Date: Mon Oct 12 19:26:11 GMT 1992 > The CCCF are translate for a long times the book of Mark Ludwig you cited. > It's not my PRIVATE initiative but one of my group. I see... Not a good idea, IMHO... > This book is forbidden in th US. This book will perhaps not be publish, The book is NOT forbidden in the USA. Sorry, but your information is wrong. I wish it were true, but it is effectively impossible to prevent something from being published in the USA, except if it threatens the National Security (sic) or contains plain lies (in the latter case you still can publish it, but are running the risk to be sued). This "freedom of press" is guaranteed by one of the amendments to their Constitution. In fact, Ludwig's book has been -already- published there. I have a copy of it on my desk. > Do you mean this French translation (proposed title: "C'est decide! J'ecris > mon virus") will be an extremely bad think? If you are asking about the title - I don't know. Why changing the title? Why not just translating it to something like "Petit livre noire de virus informatique" or something like that? (Sorry, my French is horrible.) If you are asking whether I think that the idea to translate the book in French is a bad one - yes I definitively think so. This book is harmful. There is nothing useful that the reader could learn from it. S/he can only learn how to write viruses, and even this is not taught properly... :-) The virus techniques described there are old, silly, and barely work. But nevertheless they are dangerous. Several years ago, a German called Ralf Burger has published here a similar book, containing the sources of a few silly viruses. The virus writing techniques discussed in Burger's book are even less effective than the ones described in Ludwig's book. But nevertheless, the viruses described there have been used to create hundreds of variants. (Those viruses are Vienna, Burger, Number 1, Rush Hour...) The same will happen with the viruses published in Mark Ludwig's book... That's why, I consider any publicity of his "oeuvre" to be harmful. In fact, if you translate and publish it, it will be harmful to your reputation. After all, you are claiming that CCCF does NOT support hacking (cracking) and virus writing, but is opposed to it. Even EICAR might decide that you (as a member) do not conform to its constitution and Code of Good Conduct... Remember, several years ago IFIP published an appeal to everybody, including all publishers, to refrain from publishing virus code. John McAfee is master of the media shows... :-\ He does this much better than fighting viruses... :-( The only thing that he does even better is making money... :-) My advice to you is: if you can stop the translation and the publication of this book in France, do it. VIOLATION OF PRIVACY From: pelegrin@geocub.greco-prog.fr (Francois PELLEGRINI ) Date: Wed Oct 21 13:38:06 +0100 1992 I write you give you some comments about the mail you sent me about the brand-new CCCF book. I am in favor of the publication of such a book, in spite of some points I find preoccupating: I am in favor of free software and information, but my concern about viruses is that they represent a violation of privacy, all the more when they have harmful abilities. I would be *VERY* angry should a virus blast 2 years of work done on a hard disk. Even reinstalling a partition is time-consuming, all the more when you cannot install bought software because they have not been un-installed before the system crashes! To sum-up, I am in favor of the prosecution of authors of harmful viruses. To take an example in real life: would you like someone to enter your apartment (just because you left a window opened once) and crash all your CDs? In spite of that, I find their principles of conception exceptionally interesting and stimulating: as you must put all the replicative code on as few bytes as possible, virus coding is to me great hack art. I believe in such educational purposes. The only point which cause problems is the idea of having lots of different viruses (not in conception, since it will be based on the book's ideas, but in code), so that maintaining anti-virus codes will be more and more expensive in time. By reading such a book, hackers will have big fun and will experiment new things, but I am afraid of mere-beginners, getting proud of writing "their" virus, which will just be a copy of what is in the book. As you talk of "1.500" viruses, I guess you mean PC viruses. As their input can only happen, even in a local network area, from a magnetic media (I have not heard about PC networks linked to the Internet), a check at the input points (floppy-disk equipped machines) is rather secure. Would you have talked about Internet viruses, the danger would have been greater (exposing the mail bugs, or similar system faults is not harmless), as no machine can resist to an invisible Net attack. P.S.: Just a last idea: I have read some CCC propaganda (I have one of their books, in French, "Danger: pirates informatiques), and sometimes they prone free access to information. Does it mean that we are allowed to copy their book on a copy-machine, rather than buying it? People have spent time writing books, and expect some money to pay them back for it. It is the same thing with programs: "Don't let a virus ruin your life!". WITH DARKNESS From: drkadpt@drktowr.chi.il.us (The Dark Adept ) Date: Sat Oct 17 13:12:42 GMT 1992 Why, why, why?!?!?!? 1) Anyone who wants to write a virus to hurt people will be able to find out anyhow from other bad people. 2) The good people who want to learn how to stop viruses will not be able to learn unless they see source code. As you wrote before, the viruses in that book are easy to protect against. They are not complicated, so they can do no real harm unless someone is careless. I see nothing wrong with what you did. I think you have helped people. Sadly, we must use false names in the U.S. since clubs like CCCF make people upset. They think Chaos, Legion of Doom, et cetera want to hurt people. We both know this is false, but some people here think it true. MILITARY STYLE From: WHMurray@DOCKMASTER (William Hugh Murray ) Date: Mon Oct 19 17:43:45 GMT 1992 I am generally opposed to the publication of viruses in code or in print. Viruses, like other ideas, once published cannot be easily controlled. The author has almost no control. Viruses in code can replicate without much human help or assistance. On the other hand, they keep much of their design and intent concealed. Currently, viruses in print cannot replicate without considerable human help. However, their intent is to make their design and intent as obvious as possible. This may result in even more destructive use of the ideas. I consider any publication of viruses in executable code to be gratuitous at best, destructive at worst. Particularly in print, any legitimate objectives can be met in psuedo code. Still, while opposed to any publication, all other things being equal, I have a small preference for publication in print if publish you will. While I will attempt to discourage you from any such publication and will shun you after the fact if you do so, I am opposed to the use of the power of the state to restrain you. This has almost nothing to do with how I feel about the essentially destructive nature of your publication. Rather it is related to the potential for abuse of any such power granted to the state. While forced to trust the state to distinguish between classes of destructive behavior, my reading of history leaves me temporarily convinced that the state should not be trusted to judge ideas. R&D ONLY From: M.Rawidean1@lut.ac.uk (Mohamed Rawidean ) Date: Fri Oct 23 19:13:04 BST 1992 I think it's a good idea. Anyway the circulation should be limited to research & academic purposes ONLY. This is my personal opinion. From: mechalas@mentor.cc.purdue.edu (John Mechalas ) Date: Fri Oct 23 10:36:05 EST 1992 Hmmm...legally, I can't say there is anything wrong with what you propose, although the ethical aspects do pose interesting questions. I would have no objections so such a text being released in an academic environment, such as for use as a textbook on virus and anti-virus theory, but I have misgivings about a public release. There may be many potential virus writers who could gain enough interest in the material to actually improve upon given code, or even gain that insight needed to write their own code. Supposedly, in an academic setting, the students would be considered more responsible than that. (That's the theory anyway). LIKE THE TECHNOLOGY OF ATOMIC BOMBS From: tristan@la.tce.com (Tristan Savatier ) Date: Wed Oct 21 10:34:57 PDT 1992 I have nothing agains this. Computers are often not "safe", and it is good that people get aware of this fact. I personally spent a lot of time looking for books that would explain the technology of atomic bombs, and was very disappointed to see that, in the public libraries in France, the interesting pages had been teared off. What a shame! THE DAMAGE IS ALREADY DONE From: weber@vortex.ufrgs.br (Raul Fernando Weber ) Date: Mon Oct 19 11:25:28 EST 1992 I am not opposed to the publication of books about the problem of viruses and other malicious programs. The end user should learn about the problem that viruses represent to computer sciences in general. The user should known the perils that such programs represent to his or her data. Knowing your enemies is the best method of fighting against them. But if a book contains source code of viruses, that is a real problem. Anyone can then easily type the code or modify it, and very soon we will have a greater number of new viruses to deal with. Any explanation about viruses can easily be done in plain text or in pseudo code (without explicit reference to a hardware platform or operating system). Authors of such books should be discouraged to publish complete or partial descriptions of viruses source code. It doesn't matter if the code published is from viruses that can be detected and eliminated by normal anti-virus programs. If this book is read by someone that is not a "responsible adult"', and this person writes a virus with the information he or she gets from the book, the damage is already done. It doesn't matter if this virus works or not, if it is a "bad replicator" or a "benign virus"'. In the other way, I also believe that once such a book is published, there is nothing we can do against it, except discourage any person from buying it, or from using the ideas to write viruses. I am against any type of censure. It is much better to give people a good education and sense of ethics. I wrote articles about computer viruses (in portuguese) and I use high-level pseudo-code in order to explain the virus routines. For instance, in order to explain how a bootstrap virus uses stealth techniques, I explain that the virus has the following routine: if trying_to_read_the boot_sector then show_the_original_boot_sector This art of pseudo-code lets the reader understand how the virus work without teaching how to write a virus. Of course, a good programmer can translate this to assembler and write such a virus for the IBM-PC, but he needs to understand a lot about BIOS, DOS, etc. Giving the code in assembler form enables an unexperienced user to write a virus, and that is exactly the crucial point! With pseudo-code you need to be a good and experienced programmer in order to write a virus, and I hope that every such a programmer has also a good sense of ethics. But with assembly listings almost everyone can, with a trial-and-error process, also write a virus. And this kind of user can release a virus just for fun, to see what happen with his neighbours. This possibility of "unwanted" spread of virus scares me, and because this I am against the publication of viruses code in general. ABOUT AIDS AND PROSTITUTE Date: Mon Oct 19 17:33:00 EDT 1992 From: doc@magna.com (Matthew J. D'Errico ) First of all, I have never read this book personally. Without that first hand knowledge, it's difficult for me to comment on the content directly. Secondly, I think it is wrong to publish any book which might place this type of information in the hands of potentially malicious people. The true "hacker" does not need this information, they've already gotten it through other means, or they're creating it on their own. While responsible people, such as my organization, now run regularly with Anti-Virus software loaded on our systems, it is because of the malicious intent of a precious few that we must. The argument that the virii contained in the book are handled by the available Anti-Virus software, in my opinion, is absolutely no guarantee that there is no potential danger to release of this information. Education, in my opinion, should be directed to the proper use of computer technology, not the abuse of it. You don't educate someone about AIDS by sending him to a prostitute, agreed? My opinion. LOW QUALITY OF THE VIRUS CODE From: frisk@complex.is (Fridrik Skulason ) Date: Sat Oct 17 11:05:15 WET 1992 My reaction will simply be the same as to the publication of the English book - I will do my best to ignore it. There is nothing I can do to stop it - it is not illegal, in if I went public, encouraging people not to buy it or read it, it would have just the opposite effect. No, the only thing I can really do is to talk about the low quality of the virus code in the book - just call it "Junk"... THE COUNTRY IS IRRELEVANT From: hayes@urvax.urich.edu (Claude Bersano-Hayes ) Date: Tue Oct 20 04:52:00 EDT 1992 I first think the country is irrelevant. France, Italy, Bantoustan... or the USA. The problem remains the same: shall we as a whole have access to the information. You probably have informations I don't. I am less drastic than you here. I think all depends of the info, and what one can do with it. Knowing how to make a A-bomb is not critical, since getting plutonium is not *that* easy. Creating computer viruses is another matter. Publishing a "do-it-yourself" book about viruses is at best irresponsible, and more than likely dangerous. But there are laws in France too. The book can be published "legally" but its use can be dangerous for the user who get caught creating and/or disseminating viruses. I am not a lawyer so you may want to check with others, but it seems to me that the publisher may be sued if a book entices someone to do something illegal. Suggestion: post that same message to Usenet's soc.culture.french. You will probably get a few more replies. But this does not mean I approved of the US publication either. I did not (but was not asked ). The self-proclamed "Dark Avenger" released his MtE (Mutating Engine) which can be used to make "stealth" viruses (and it is available on many BBS's here). Not a great idea either... Since I don't know the state of computing in Europe in general, and France in particular, I have no idea what the impact of this book will be. If the book is aimed at computer professionals that's another story. These people need to know how these little pests work. I have no problems there. I don't think liberty has anything to do here. The problem is one of publisher's resonsibility: will this book cause harm to the computer users at large? I myself ran into a similar problem here in the US. I moderate a virus- awareness group on a local BBS and a fellow user wanted to give references about some viruses (including source code and book titles). I refused (and was called a fascist because of that). There is no good answer to this problem ... RUSSIAN'S OFFICIAL ANSWER From: eugene@kami.npimsu.msk.su (Kaspersky Eugene Valentinovitch ) Date: Tue Oct 20 19:31:15 GMT 1992 I think that the publications of virus sources is very bad news for me because: 1. The difficult virus (like a stealth, polymorphic, etc) is very interesting to analyze it and it's a very interesting job to make antiviral for this difficult virus. This virus can be produced only by high-class programmers. But the high-class programmer can write the virus without any smb virus sources, without any books with the virus sources. So who will read this book? Only the -beginners- in programming and assembler. And these beginners can't write the virus which will be interesting to me. They can write the millions of Vienna, Burger, Tiny viruses. At this moment the sources of Vienna and Burger viruses are printed in West, the source of the virus Vienna was published ever in Russia!!!. Now there are about 50 viruses of Vienna and 10 of Burger in my collection. And I should to analyze them and add the information into my antiviral database. And it's a lost time, because it's a non interesting work for me and my boys. It's a work for the rubbish-remover. There is the word 'zolotarr' on Russian - it's a man who on very old years cleaned the water-closets (on the old year there are 'closets' without 'water'). The analyze of the Vienna and Burger is the work of 'zolotarr'. And now when I receive the new large portion of the viruses I say for my boys: "Hey, zolotarrs! Come here! There is a new work!" :-) So this is the 1st why the publication of the virus sources is very bad to me: I receive a lot of not interesting work. 2. The publications of the virus sources will push some programmers to the virus creation. If this is a beginner, see above. If it's a good programmer he can write new very interesting virus. But I have a lot of interesting virus! It's enough! It's about 900 analized viruses in my collection and about 300 awaiting analyze. So this is the 2nd: there are too much viruses, and I don't want to receive another ones. 3. This publication is the hooliganism, because this paper can call the damage for the computer users and not only to them. I think that it is not needed to explain this. It's the 3rd: I don't like the hooligans. That's all. About the virus-writers +++++++++++++++++++++++ I think that the men who wrote this book are unhappy men, because they try to make the work which is not needed to another men. They can't find the more interesting job. It's unhappy. I see from time to time the virus-writers. Practically all of them seens like non-smiling boys, boys which don't like to girls... So I think that the virus writes and virus-publishers are unfortunately because the good man don't writes the viruses. About France ++++++++++++ You asked me about France only. Why only France? I think it's a problem of all the countries. Yes, the France, Spain, ... are non-computer countries, I don't know why. I remember 2 French programs only: exe-file-compresser LZEXE and the game ... I forgot the name... the game about prisoner. Ha! the name of this game -EDEN. That's all. I think that the love to computers - it is a national peculiarity. The French programmers can write intelligent virus, but probability of this is a little. But the USA, UK, Russia (yes, Russia!) - there are the computer countries. And there are a lot of high-level programmers, a lot of programmer-hooligans too, especially in Russia :-(. About free information ++++++++++++++++++++++ There are the range of the information freedom: from "don't write about viruses!!!" till "write all about them including the source". I think the better way for the virus information is the middle of this range. I have about 10 publications in 2 books, Russian computer magazines, Russian newspapers and I try to say the interesting information about viruses but so that this information can't be used while programming the new viruses. P.S. Sorry my English, all the people in Russia told only on Russian - I don't know why... ;-) POLYMORPHISM AND GLUT From: 0004886415@mcimail.com (Joe Wells ) Date: Wed Oct 21 11:52:57 +1000 1992 At the mid-June NCSA conference in Washington DC, during the "Is there a good virus" debate (moderated by Alan Solomon and in which the author of the little Black Book defended his publication), I expressed my opinion on the subject by stating that the publication of source code in the Burger book had done more to worsten the virus problem than any other single thing. The publishing of the vienna code led to the two worst problems we have today. Polymorphism (Washburn based on vienna) and glut (many virus writers use the code as their basis) BECOMING UPSET, ANGRY AND HURT From: mcafee@netcom.COM (McAfee Associates ) Date: Tue Oct 20 21:19:11 -0700 1992 I'm glad to be of assistance to you. I think that most people in the anti- virus community view Mr. Ludwig's book with considerable distaste. Mr. Ludwig does not seem to recognize the fact that he is making all of our lives more difficult by teaching people how to write computer viruses. I am not a programmer, nor am I a lawyer or a businessman. I provide technical support for people who have a computer infected with a virus (or suspect that they have one). These are people who become upset, angry, and hurt because they have gotten a virus from some source. And I don't think people should have to suffer just so someone can show off his (her) programming skills or prove that he can print virus source code and sell it safely behind the laws of his own country. Please bear in mind that I am not a lawyer, nor do I have a background in international shipping or publishing. I would strongly recommend that you contact the U.S. Department of Commerce or at least the U.S. consulate in Paris. They should be able to provide you with all information required to import Mr. Ludwig's book into France and publish it there. I would also strongly recommend that you check with a lawyer that specializes in high-tech crime issues as well as the high-tech crime bureau of your local police department to make sure that no laws our broken by its publication. If your local police department does not have a high-tech crime bureau, I would recommend that you try contacting the national police. When talking with your lawyer, I would recommend that you ask him (or her) about your legal exposure: You (or CCCF) could be held responsible for damages caused by the viruses, even if you include a disclaimer. HOW TO POISON YOURSELF? From: frasq@panafix.frcl.bull.fr (Eric-Gilles Companie ) Date: Thu Oct 22 14:39:29 +0100 1992 Publishing a book on how to build a virus on Unix seems to be like publishing a book on how to commit suicide. In fact, such a recipe collection, actually a cook book for the "how to poison yourself" chapter, was edited in the so called land of liberty. A teenage boy purchased the book. There he found a way to put an end to his human condition, without pain, as advertised. Good buy thought the boy when he fell asleep. His father started an association of the victims, of the victims' parents one should say. The author and the editor were asked to withdraw the book from the stores. They claimed their book brought relief to people who were desperately seeking means to cleanly kill themselves. The boy's father didn't jump to their necks, he went to court, and won. The book was censored. I don't regret it. You know, sometimes, my spirits isn't so high. IRRESPONSIBLE ATTITUDE From: rslade@sfu.ca (Robert Slade ) Date: Sat Oct 17 13:20:55 PDT 1992 I am strongly tempted to reply that your posting is stupid, and an obvious attempt to justify an irresponsible attitude. However, giving you the benefit of the doubt, I will try to restrain myself. You try to take the "high moral ground" by implying that the publication of this book will assist users to protect themselves. While I acknowledge that "good" books on protection against viral programs are hard to find, Ludwig's book is definitely not the answer. It is certainly no better in that regard than many other available works. You attempt to downplay the damage that can be done is unrealistic. While agreeing that Ludwig's code is simplistic and easily countered by reasonable protection, but, as you note, the vast majority of users have *no* protection. In addition, the new viral programs thus generated require a lot of extra effort on the part of the anti-viral researchers to weed out these additional, if stupid, viral programs. PUBLISH THE BOOK From: ygoland@SEAS.UCLA.EDU ("Yaron Y. Goland" ) Date: Tue Oct 20 22:13:39 PDT 1992 Accepting for the moment that it is indeed legal to publish this book in France, the question at hand is if it is 'right' to publish this book. I believe this is the wrong question. Is the computer virtual community to act as a self censor? Should we not say what we know for fear of 'educating' others? Any time we restrict ourselves in this manner we limit our freedom and the freedom of everyone around us. Information is, in itself, not dangerous. It simply is. It is the use that the information is put to that determines it's 'correctness'. Publish the book. To not do so is to do nothing more than carry on the irrational fear of viruses and more importantly it will strike another blow against the various forms of 'self censorship' which is now practiced within the community. Silence breeds fear, not knowledge. The Jester CONCLUSIONS From: Mark A. Ludwig (Amer. Eagle Publications, Inc., PO Box 41401, Tucson, AZ 85717; Phone: (602) 888-4957) Date: Thu Oct 22 22:17:29 -0700 1992 So you have found out that _The Little black Book_ is controversial! If you ask the so-called "experts" in viruses, guys like Skulason, or David Stang, or Alan Solomon, they'll tell you they hate the book, and it shouldn't be published. And they are smart enough to avoid saying "don't buy it" so they use a classic Soviet-style disinformation tactic that they've dreamed up and call the code in the book "junk," etc., to try to make people think it isn't worth their while to buy it. That's a lie, and I've had people in the industry tell me so, off the record. I know the code is good, and it works, period. The only "bugs" are as discussed in the book. Now, there isn't anything cute or tricky about the code, and maybe some people call it junk because it isn't an attempt to intimidate the reader, as a Whale-style ultra-cryptic virus would be, etc. These viruses were written purely as instructional examples, and they are straightforward and functional examples, and not an attempt to demonstrate to the world how clever I am. My counter-tactic to this disinformation is to simply ignore the nay-sayers and advertise the book. Plenty of people absolutely love it and buy it and talk about it to their friends. The fact is the little guys who aren't already virus experts want to become more expert in this area. They have good reason for it. They need to understand viruses and be able to combat them from a position of knowledge and not ignorance. The so-called experts don't want the little guys to be expert. They'd rather the little guys keep feeding off of them. And the more the little guys read the book, the more they will quit trusting the establishment anti-viral types. I can send you a packet of unsolicited letters from people who have really liked the book if you or the publisher needs to see them before going ahead. I can guarantee you that the book will probably be as controversial in France as it has been in the US. People will love it and people will hate it. Nobody will be indifferent. My goal in this whole thing is to win a battle with the people who want to keep viruses secret, and I am going to do it. I must say I was somewhat surprised that a major publisher like Eyrolles was ready to buy into the book--if French publishers are anything like their American counterparts. Technical publishers here are extremely conservative and try to avoid controversy as much as possible. If they are having reserva- tions about publishing it i would not be surprised. Please publishe it! From: jbcondat@attmail.com (Jean-Bernard Condat ) Date: Sat Oct 24 13:12:42 GMT 1992 I offer one free copy of _C'est decide! J'ecris mon virus_ to the 20 first CuD's readers that give me their address :-) ====================================================================== Jean-Bernard CONDAT (General Secretary)++++++Chaos Computer Club France [CCCF] B.P. 8005, 69351 Lyon Cedex 08// France //43 rue des Rosiers, 93400 Saint-Ouen Phone: +33 1 40101775, Fax.: +33 1 40101764, Hacker's BBS (8x): +33 1 40102223 ------------------------------ Date: Mon, 2 Nov 1992 12:57:36 EDT From: Dave Banisar Subject: File 2--Clinton Endorses Right to I Clinton Endorses Right to Information Privacy Excerpts from - Clinton/Gore Campaign Pledges Strong Consumer Protections; Blasts Bush/Quayle Record - Oct. 26 * * * A Clinton/Gore Consumer Bill of Rights will include: 1. The Right to Safety - To be protected against the marketing of goods which are hazardous to health or life. 2. The Right to be Informed - To be protected against fraudulent, deceitful, or grossly misleading information, advertising, labeling or other practices, and to be given the facts needed to make an informed choice. 3. The Right to Choose - To be assured, whenever possible, access to a variety of products and services at competitive prices; and in those industries in which competition is not workable and government regulation substituted, an assurance of satisfactory quality and services at fair prices. 4. The Right to be Heard - To be assured that consumer interests will receive full and sympathetic consideration in the formulation of government policy and fair and expeditious treatment in its administrative tribunals. 5. The Right to Consumer Education -- To help consumer education become an integral part of regular school instruction, community services and educational program for people out of school; to ensure that consumers have the assistance necessary to plan and use their resource to their maximum potential and greatest personal satisfaction. 6. The Right to Privacy - To not have information provided by consumers for one purpose used for a separate purpose without the consumer's knowledge and consent. ------------------------------ Date: Mon, 2 Nov 92 13:52:51 -0500 From: sross@CRAFT.CAMP.CLARKSON.EDU(SUSAN M. ROSS) Subject: File 3--Electronic Privacy and Canadian Law Recently in Canada, a cellular conversation between governmental officials was recorded and the transcript given to a radio station that scheduled a special program to air its contents. It dealt with issues related to the recent constitutional referendum in Canada. Although it has been ruled in Quebec that users of cellular phones have no legitimate expectation of privacy, one of the officials got an injunction (in Quebec) on the basis that broadcasting or publishing the conversation would cause irreparable harm to intergovernmental affairs. However, quotes were published by a newspaper in another province. Then, a member of an academic list dedicated to Canadian issues, posted (from the U.S.) a news story on the issue, including quotes. List members are from the U.S., Canada (in and outside Quebec) and elsewhere. The list owner and "home" mainframe are Quebec-based. So, the list owner shut down operations for about a day, consulted with lawyers, and reopened the list with a request that members not post quotes from the transcript while the injunction stood. (The listowner, by choice, does not pre-monitor postings.) Soon the injunction was lifted because the content of the transcript was so readily available that the judge believed the injunction wasn't doing any good. It appears that, in spite of the freedom of expression clause in the Canadian Charter (Section 2-b that says everyone has freedom of expression...in the press...and other media of communication), there was a question whether laws in the criminal code, which may set limits on expression "demonstrably justified in a free society" (Canadian Charter, Section 1) applied to such electronic discussion groups. Without actually contacting lawyers, I don't think I'll be able to figure out whether the fact that Quebec hasn't ratified the Canadian Charter was also at issue. Please note that *I am not a lawyer.* If anybody has additional information on this case, perhaps they could forward it along. Susan Ross Dept. of Tech. Comms. Clarkson University, Potsdam, New York 13699-5760 sross@craft.camp.clarkson.edu ------------------------------ Date: Tue, 03 Nov 92 03:00:44 EST From: mcmullen@MINDVOX.PHANTOM.COM(John F. McMullen) Subject: File 4--Computer Access Arrests In NY (NEWSBYTES reprint ((CR)) GREENBURGH, NEW YORK, U.S.A., 1992 NOV 3 (NB) -- The Greenburgh, New York Police Department has announced the arrest of three individuals, Randy P. Sigman, 40; Ronald G. Pinz, Jr, 21; and Byron J. Woodard, 18 for the alleged crimes of Unauthorized Use Of A computer and Attempted Computer Trespass, both misdemeanors. Also arrested was Jason A. Britain, 22 in satisfaction of a State of Arizona Fugitive From Justice warrant. The arrests took place in the midst of an "OctoberCon" or "PumpCon" party billed as a "hacker get-together" at the Marriott Courtyard Hotel in Greenburgh. . The arrests were made at approximately 4:00 AM on Sunday morning, November 1st. The three defendants arrested for computer crimes were granted $1,000 bail and will be arraigned on Friday, November 6th. Newsbytes sources said that the get together, which had attracted up to sixty people, had dwindled to approximately twenty-five when, at 10:00 Saturday night, the police, in response to noise complaints arrived and allegedly found computers in use accessing systems over telephone lines. The police held the twenty-five for questioning and called in Westchester County Assistant District Attorney Kenneth Citarella, a prosecutor versed in computer crime, for assistance. During the questioning period, the information on Britain as a fugitive from Arizona was obtained and at 4:00 the three alleged criminal trespassers and Britain were charged. Both Lt. DeCarlo of the Greenburgh police and Citarella told Newsbytes that the investigation is continuing and that no further information is available at this time. (Barbara E. McMullen & John F. McMullen/19921103) ------------------------------ Date: Tue, 03 Nov 92 17:22:08 EST From: Gene Spafford Subject: File 5--Tripwire "Integrity Monitor" This is to announce the first public release of "Tripwire." Tripwire is an integrity-monitor for Unix systems. It uses several checksum/signature routines to detect changes to files, as well as monitoring selected items of system-maintained information. The system also monitors for changes in permissions, links, and sizes of files and directories. It can be made to detect additions or deletions of files from watched directories. The configuration of Tripwire is such that the system/security administrator can easily specify files and directories to be monitored or to be excluded from monitoring, and to specify files which are allowed limited changes without generating a warning. Tripwire can also be configured with customized signature routines for site-specific checks. Tripwire, once installed on a clean system, can detect changes from intruder activity, unauthorized modification of files to introduce backdoor or logic-bomb code, (if any were to exist) virus activity in the Unix environment. Tripwire is provided as source code with documentation. The system, as delivered, performs no changes to system files and does not require root privilege to run (in the general case). The code has been beta-tested in a form close to that of this release at over 100 sites world-wide. Tripwire should work on almost any version of Unix, from Xenix on 80386-based machines to Cray and ETA-10 supercomputers. Tripwire may be used without charge, but it may not be sold or modified for sale. Tripwire was written as a project under the auspices of the COAST Project at Purdue University. The primary author was Gene Kim, with the aid and under the direction of Gene Spafford (COAST director). Copies of the Tripwire distribution may be ftp'd from ftp.cs.purdue.edu from the directory pub/spaf/COAST/Tripwire. The distribution is available as a compressed tar file, and as uncompressed shar kits. The shar kit form of Tripwire version 1.0 will also be posted to comp.sources.unix on the Usenet. No mailserver access currently exists for distribution, although we expect some archive sites with such mechanisms will eventually provide access. Questions, comments, complaints, bugfixes, etc may be directed to: genek@mentor.cc.purdue.edu (Gene Kim) spaf@cs.purdue.edu (Gene Spafford) ------------------------------ End of Computer Underground Digest #4.55 ************************************