Computer underground Digest Sun Apr 6, 1997 Volume 9 : Issue 27 ISSN 1004-042X Editor: Jim Thomas (cudigest@sun.soci.niu.edu) News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu) Archivist: Brendan Kehoe Shadow Master: Stanton McCandlish Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Field Agent Extraordinaire: David Smith Cu Digest Homepage: http://www.soci.niu.edu/~cudigest CONTENTS, #9.27 (Sun, Apr 6, 1997) File 1-- OECD releases Crypto Guidlines File 2--OECD Guidlines Released File 3--The Zimmermann Telegram File 4--Moynihan Commission hoisted on petard of Penpal hoax File 5--Rep. Rick White to hold live online town hall meeting 4/10 File 6--UPDATE: Computer Security Script Database File 7--Cu Digest Header Info (unchanged since 1 Apr, 1997) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. --------------------------------------------------------------------- Date: Thu, 3 Apr 1997 18:06:07 GMT From: "ACLU Cyber-Liberties Update Owner"@newmedium.com Subject: File 1-- OECD releases Crypto Guidlines * OECD releases Crypto Guidlines The Organization for Economic Cooperation and Development (OECD) last week announced its new Cryptography Policy Guidelines. Despite pressure from the U.S. government to adopt a U.S.backed key escrow/key recovery system, the leading industrial democracies took a stand that instead strongly suppots privacy rights, and rejects key escrow. International support for a market diven and voluntary system is a huge step, and one the ACLU fully supports. The Global Internet Liberty Coalition (GILC) and the ACLU held a conference in Paris in September during the OECD gathering which contributed to a favorable climate for the guidelines. Both the ACLU and GILC are appreciative of the steps the Organization has taken towards protecting privacy and urging removal of restrictions on cryptography. The Guidelines set out eight basic Principles for cryptography policy: 1.Cryptographic methods should be trustworthy in order to generate confidence in the use of information and communications systems. 2.Users should have a right to choose any cryptographic method, subject to applicable law. 3.Cryptographic methods should be developed in response to the needs, demands and responsibilities of individuals, businesses and governments. 4.Technical standards, criteria and protocols for cryptographic methods should be developed and promulgated at the national and international level. 5.The fundamental rights of individuals to privacy, including secrecy of communications and protection of personal data, should be respected in national cryptography policies and in the implementation and use of cryptographic methods. 6.National cryptography policies may allow lawful access to plaintext, or cryptographic keys, of encrypted data. These policies must respect the other principles contained in the guidelines to the greatest extent possible. 7.Whether established by contract or legislation, the liability ofindividuals and entities that offer cryptographic services or hold or access cryptographic keys should be clearly stated. 8.Governments should co-operate to co-ordinate cryptography policies. As part of this effort, governments should remove, or avoid creating in the name of cryptography policy, unjustified obstacles to trade. The full OECD policy can be found at: http://www.oecd.org/dsti/iccp/crypto_e.html ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ACLU Cyber-Liberties Update Editor: Lisa Kamm (kamml@aclu.org) American Civil Liberties Union National Office 132 West 43rd Street New York, New York 10036 To subscribe to the ACLU Cyber-Liberties Update, send a message to majordomo@aclu.org with "subscribe Cyber-Liberties" in the body of your message. To terminate your subscription, send a message to majordomo@aclu.org with "unsubscribe Cyber-Liberties" in the body. The Cyber-Liberties Update is archived at http://www.aclu.org/issues/cyber/updates.html For general information about the ACLU, write to info@aclu.org. PGP keys can be found at http://www.aclu.org/about/pgpkeys.html ------------------------------ Date: Thu, 27 Mar 1997 16:53:07 -0500 From: Dave Banisar Subject: File 2--OECD Guidlines Released The OECD Cryptography Policy Guidelines were formally announced today, following an intensive year-long negotiation. EPIC will be posting a complete copy of the Guidelines at our web site [http://www.epic.org/] along with a detailed analysis. Journalists interested in a briefing should contact the Communications Division of the OECD. For further information and inquiries, please contact the Information, Computer and Communications Policy Division (fax (33) 01 45 24 93 32). General information about the OECD may be found at the OECD web site [http://www.oecd.org]. Specific information about the work of the OECD in the areas of security, privacy, intellectual property, and cryptography is available at http://www.oecd.org/dsti/iccp/legal/top-page.html. The OECD Privacy Principles are online at http://www.oecd.org/dsti/iccp/legal/priv-en.html Among the key outcomes: -- Recognition of commercial importance of cryptography. The Guidelines recognize that cryptography is an effective tool for the secure use of information technology by ensuring confidentiality, integrity and availability of data and providing authentication and non-repudiation mechanisms. -- Rejection of key escrow encryption. The US sought endorsement for government access to private keys. Initial drafts of the guidelines included this recommendation. The final draft does not. OECD countries rejected this approach. -- Endorsement of voluntary, market-driven development of crypto products. The OECD emphasized open, competitive markets to promote trade and commerce in new cryptographic methods. -- Endorsement of strong privacy safeguards. The OECD adopted one of strongest privacy principles found in any international agreement, including the obligation to apply the OECD privacy principles to crypto products and services. The OECD also noted favorably the development of anonymous payment schemes which would minimize the collection of personal data. -- Removal of Restriction on Cryptography. The OECD urged member countries to remove, and avoid creating, obstacles to trade based on cryptography policy. This guideline should lead to further liberalization of export control policies among the OECD member countries. EPIC will also provide briefings for organizations interested in the intent and application of the OECD Cryptography Guidelines. Marc Rotenberg Director, EPIC Member, OECD ad hoc Expert Panel on Cryptography Policy ---------------- [http://www.oecd.org/news_and_events/release/nw97-24a.htm]\ OECD News Release Paris, 27 March 1997 OECD ADOPTS GUIDELINES FOR CRYPTOGRAPHY POLICY The OECD has adopted Guidelines for Cryptography Policy, setting out principles to guide countries in formulating their own policies and legislation relating to the use of cryptography. The Recommendation which came before the governing body of the OECD, the Council, on Thursday 27 March, is a non-binding agreement that identifies the basic issues that countries should consider in drawing up cryptography policies at the national and international level. The Recommendation culminates one year of intensive talks to draft the Guidelines. The need for Guidelines emerged from the explosive worldwide growth of information and communications networks and technologies and the requirement for effective protection of the data which is transmitted and stored on those systems. Cryptography is a fundamental tool in a comprehensive data security system. Cryptography can also ensure confidentiality and integrity of data and provide mechanisms for authentication and non-repudiation for use in electronic commerce. Governments want to encourage the use of cryptography for its data protection benefits and commercial applications, but they are challenged to draft cryptography policies which balance the various interest at stake, including privacy, law enforcement, national security, technology development and commerce. International consultation and co-operation must drive cryptography policy because of the inherently international nature of information and communications networks and the difficulties of defining and enforcing jurisdictional boundaries in the new global environment. The Guidelines are intended to promote the use of cryptography, to develop electronic commerce through a variety of commercial applications, to bolster user confidence in networks, and to provide for data security and privacy protection. Some OECD Member countries have already implemented policies and laws on cryptography, and many countries are still developing them. Failure to co-ordinate these national policies at the international level could introduce obstacles to the evolution of national and global information and communications networks and could impede international trade. OECD governments have recognised the importance of international co-operation, and the OECD has contributed by developing consensus on specific policy and regulatory issues related to cryptography and, more broadly, to information and communications networks and technologies. The Guidelines set out eight basic Principles for cryptography policy: 1.Cryptographic methods should be trustworthy in order to generate confidence in the use of information and communications systems. 2.Users should have a right to choose any cryptographic method, subject to applicable law. 3.Cryptographic methods should be developed in response to the needs, demands and responsibilities of individuals, businesses and governments. 4.Technical standards, criteria and protocols for cryptographic methods should be developed and promulgated at the national and international level. 5.The fundamental rights of individuals to privacy, including secrecy of communications and protection of personal data, should be respected in national cryptography policies and in the implementation and use of cryptographic methods. 6.National cryptography policies may allow lawful access to plaintext, or cryptographic keys, of encrypted data. These policies must respect the other principles contained in the guidelines to the greatest extent possible. 7.Whether established by contract or legislation, the liability of individuals and entities that offer cryptographic services or hold or access cryptographic keys should be clearly stated. 8.Governments should co-operate to co-ordinate cryptography policies. As part of this effort, governments should remove, or avoid creating in the name of cryptography policy, unjustified obstacles to trade. The Guidelines advise that the eight elements should be taken as a whole in an effort to balance the various interests at stake. These Principles are designed to assist decision-makers in the public and private sectors in developing and implementing coherent national and international policies for the effective use of cryptography. Member countries should establish new, or amend existing, policies to reflect them. Any national controls on use of cryptography should be stated clearly and be publicly available. Drafting of the Guidelines for Cryptography Policy began in early 1996, when the OECD formed an Ad hoc Group of Experts under the chairmanship of Mr. Norman Reaburn of the Attorney-General's Department of Australia. More than 100 representatives from OECD Member countries participated, including government officials from commerce, industry, telecommunications and foreign ministries, law enforcement and security agencies, privacy and data protection commissions, as well as representatives of private sector. The Business and Industry Advisory Committee to the OECD was involved and experts on privacy, data protection and consumer protection also participated. The policy recommendations in the Guidelines are primarily aimed at governments, but it is anticipated that they will be widely read and followed by both the public and private sectors. Governments will now engage in further consultation to co-ordinate and co-operate on the implementation of the Guidelines. In the future, the Guidelines could form a basis for agreements on specific issues related to international cryptography policy. The Guidelines will soon be published as an OECD document for broad distribution to promote awareness and public discussion of the issues and policies related to cryptography. ------------------------------ Date: Thu, 3 Apr 1997 00:21:30 -0500 (EST) From: ptownson@MASSIS.LCS.MIT.EDU(TELECOM Digest Editor) Subject: File 3--The Zimmermann Telegram ((MODERATORS' NOTE: For those not familiar with Pat Townson's TELECOM DIGEST, it's a an exceptional resource. From the header of TcD: "TELECOM Digest is an electronic journal devoted mostly but not exclusively to telecommunications topics. It is circulated anywhere there is email, in addition to various telecom forums on a variety of public service systems and networks including Compuserve and America On Line. It is also gatewayed to Usenet where it appears as the moderated newsgroup 'comp.dcom.telecom'. Subscriptions are available to qualified organizations and individual readers. Write and tell us how you qualify: * ptownson@massis.lcs.mit.edu * ======" )) SOURCE: TELECOM Digest Thu, 3 Apr 97 00:21:00 EST Volume 17 : Issue 81 Begin forwarded message: Date--Mon, 31 Mar 1997 13:04:45 -0800 (PST) From--Phil Agre Subject--The Zimmermann Telegram =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= This message was forwarded through the Red Rock Eater News Service (RRE). Send any replies to the original author, listed in the From: field below. You are welcome to send the message along to others but please do not use the "redirect" command. For information on RRE, including instructions for (un)subscribing, send an empty message to rre-help@weber.ucsd.edu -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= From-- Dave Del Torto [SMTP--ddt@pgp.com] Sent-- Monday, March 31, 1997 12--00 PM To-- telegram-request@pgp.com Subject-- The Zimmermann Telegram Ladies, Gentlemen & Cryptographers, I'm pleased to announce the imminent release of the premier issue of the new "Zimmermann Telegram" newsletter. The Zimmermann Telegram will be a regularly-published, paper-based, English-language technical update newsletter from PGP's engineering staff, and will cover a variety of cryptographic and other lighthearted topics which we may otherwise be restricted from discussing via electronic media. The newsletter will be sent, in compliance with US law, by regular postal mail to anyone interested in technical information about PGP -- anywhere in the world. If you are now developing PGP-related freeware, shareware, commercial or academic cryptographic software, or you plan in future to become a registered PGP Developer or PGP World Partner (those programs are currently under construction and will be formally announced later) or if you are just interested in technical information about cryptography, we think you'll enjoy reading our newsletter. In the premier issue, along with important updates regarding changes to the PGP packet format, CRC security problems and new extensions to the PGP key format which are not available through any other medium, you'll learn about the significance of the "Zimmermann Telegram" name. Meanwhile, visit this page: . Scheduled to be mailed imminently, the premier issue will be sent free to anyone who provides us with a postal mail address. After that, regular subscriptions will require a modest fee (to be announced) to cover our mailing costs, but we've committed to offering a limited number of free one-year subscriptions to interested members of the cryptography community. To request your free subscription, please send email to me at: In the body of your request, please include the form below (items between the cut-lines ONLY, and preferably PGP-signed), and replace the lines with your complete postal mail address info as indicated. We'll put an HTML subscription form on our website, but for the premier issue, we're managing the subscription process via email. Thank you for your patience as we deploy rapidly. :) ............................. form begins here ............................. The Zimmermann Telegram PGP's Technical Newsletter - Premier Issue & One-Year Free Subscription Request - Subscription Information (Premier Issue): name (optional, but appreciated) title (optional) organization/dept (optional, as appropriate) street address mailstop (optional) city/state/province zip-/postal-code country Free Subscription Category: (please [x] only one) [ ] academic [ ] public library [ ] media maven [ ] human-rights/privacy activist [ ] corporate security [ ] impoverished cypherpunk [ ] software analyst [ ] law enforcement [ ] freedom-fighter [ ] intelligence agency [ ] freeware developer .............................. form ends here .............................. Privacy Lock: If you are concerned about the privacy of your personal information when sent over unsecured public networks, please feel free to encrypt your subscription request to my key, which can be found at: . Pretty Good Privacy Inc will take all reasonable precautions to protect this information and will not use it for any other purpose without first asking your permission. Also, PGP will not sell or give the information to another entity and will store the list securely between mailings. Please feel free to circulate/forward this message (with PGP-signature) among your friends and colleagues (remember: the free subscription offer expires on 30 April 1997). We look forward to your comments on The Zimmermann Telegram and thank you for your continued support of PGP. dave Dave Del Torto +1.415.524.6231 tel Senior Technical Evangelist +1.415.572.1932 fax Pretty Good Privacy, Inc. http://www.pgp.com web X-PGP header key ........................ "The Zimmermann Telegram" ........................ Copyright (c) 1997 Pretty Good Privacy, Inc. All Rights Reserved. PGP and Pretty Good Privacy are registered trademarks of Pretty Good Privacy, Inc. Permission is granted to the reader to reproduce and distribute exact copies of this document, in physical or electronic form, on a non-commercial basis (i.e., at no direct or indirect charge). This document has been made available in hard copy on a subscription basis and is available in public libraries in the United States. Accordingly, and solely for purposes of U.S. Export Control laws and regulations (but not copyright or other intellectual property laws), this document is considered in the "public domain." The information in this document is of an exploratory or experimental nature. As such, it is subject to change without notice and is provided "AS IS." No guarantee is made that it is free of errors or that it will meet your requirements. While we welcome your feedback on this document, we are unable to provide any technical support for its contents. ............................................................................ -----BEGIN PGP SIGNATURE----- Version: PGPmail 5.0 beta Charset: noconv iQCVAwUBM0ANsaHBOF9KrwDlAQG0bAQA17mtcxR860pFRPPdcw4LYL1pEecEoTXW tzBCq0M84aKgv9qamZQeOkyHaxXkHGgyChaHwlsea3Q46avFvJrJfHysz/YGrvy1 qIIDrEQCqVU6emLuOvziiNLefNcj0qv2YLAfLuSy78sCTfOtfmX6IrXf7D3PDwhP oICHxH1iR4E= =gI03 -----END PGP SIGNATURE----- ------------------------------ Date: Thu, 3 Apr 1997 23:09:10 -0600 (CST) From: Crypt Newsletter Subject: File 4--Moynihan Commission hoisted on petard of Penpal hoax From the pages of Crypt Newsletter: April 3, 1997 Pasadena, CA -- In an astonishing gaffe, government intelligence experts writing for the Moynihan Commission's recent "Report . . . on Protecting and Reducing Government Secrecy" reveal they've been hooked on one of the Internet's ubiquitous e-mail computer virus hoaxes known as "Penpal Greetings"! In a boldly displayed boxed-out quote in a part of the report entitled "Information Age Insecurity" authors of the report proclaim: "Friendly Greetings? "One company whose officials met with the Commission warned its employees against reading an e-mail entitled Penpal Greetings. Although the message appeared to be a friendly letter, it contained a virus that could infect the hard drive and destroy all data present. The virus was self-replicating, which meant that once the message was read, it would automatically forward itself to any e-mail address stored in the recipients in-box." The Penpal joke is one in half-a-dozen or so permutations spun off the well-known GoodTimes e-mail virus hoax. Variations on GoodTimes have appeared at a steady rate over the past couple years. Real computer security experts -- as opposed to the Moynihan commission's -- now occasionally worry in the press that they spend more time clearing up confusion created by such tricks than destroying actual computer viruses. The report's authors come from what is known as "the Moynihan commission," a group of heavy Congressional and intelligence agency hitters tasked with critiquing and assessing the Byzantine maze of classification and secrecy regulation currently embraced by the U.S. government. Among the commission's members are its chairman, Daniel Moynihan; vice-chairman Larry Combest, Jesse Helms, ex-CIA director John Deutch and Martin Faga, a former head of the super-secret, spy satellite-flying National Reconnaissance Office. The part of the report dealing with "Information Age Insecurity" merits much more comment. But in light of the report's contamination by the Penpal virus hoax, two paragraphs from the March 4 treatise become unintentionally hilarious: "Traditionally, computer security focuses on containing the effects of malicious users or malicious programs. As programs become more complex, an additional threat arises: _malicious data_ [Crypt Newsletter emphasis added] . . . In general, the outlook is depressing: as the economic incentives increase, these vulnerabilities are likely to be exploited more frequently. ---W. Olin Sibert, 19th National Information Systems Security Conference (October 1996)" And, "Inspector General offices, with few exceptions, lack the personnel, skills, and resources to address and oversee information systems security within their respective agencies. The President cannot turn to an Information General and ask how U.S. investments in information technology are being protected from the latest viruses, terrorists, or hackers." Got that right, sirs. -------------------- Notes: Other authors of the commission report include Maurice Sonnenberg; John Podesta, a White House Deputy Chief of Staff and also, apparently, a visiting professor at Georgetown University's Cyberlaw Center; Ellen Hume, a former reporter for the Wall Street Journal; and Alison Fortier, a former National Security Council staffer and current Rockwell International employee. --------------------- George Smith, Editor Crypt Newsletter http://www.soci.niu.edu/~crypt "In cyberspace, all news is local." ------------------------------ Date: Thu, 3 Apr 1997 23:31:55 -0500 (EST) From: Shabbir Safdar Subject: File 5--Rep. Rick White to hold live online town hall meeting 4/10 Source - fight-censorship@vorlon.mit.edu Government Without Walls Update No.3 http:/www.democracy.net/ April 3 1997 JOIN INTERNET CAUCUS-CO FOUNDER REP. RICK WHITE (R-WA) LIVE ONLINE! Representative Rick White (R-WA), co-founder of the Congressional Internet Caucus and leader on Internet policy issues, will be the guest at democracy.net's first live, interactive 'town hall meeting' on Thursday April 10 at 8:30 pm ET (5:30 pm PST). The town hall meeting, moderated by Wired Magazine's Todd Lappin, will be completely virtual. The discussion will be cybercast live via RealAudio, and listeners can join a simultaneous interactive chat discussion and pose questions to Rep. White. This is a unique opportunity for Internet users to discuss current Internet issues, including efforts to reform US Encryption policy, the future of the Communications Decency Act, the activities of the Congressional Internet Caucus, and others. Details on the event, including instructions on how you can submit questions in advance, are attached below. ___________________________________________________________ INSTRUCTIONS ON HOW TO PARTICIPATE * Interactive Town Hall Meeting with Rep. Rick White (R-WA) * DATE: Thursday, April 10, 1997 TIME: 5:30 pm PST / 8:30 pm EST LOCATION: http://www.democracy.net In advance of the town hall meeting, please visit http://www.democracy.net and fill out the form to ask Rep. White a question. We will collect the questions and forward them to the moderator on the day of the event, and will make every effort to ensure that questions from constituents are asked first. 1. Attend and ask Rep. White a question! Please mark this date in your calendar: Thursday April 10, 5:30PM PST at http://democracy.net/ 2. Get your friends and co-workers to join the discussion Members of Congress love to hear from their constituents. If you have friends that live in the district, please forward this invitation and encourage them to attend. __________________________________________________________ BACKGROUND Congressman Rick White, 43, is serving his second term representing the people of the First Congressional District of Washington state, which includes parts of Seattle, Redmond, and surrounding areas. In 1995, White gained national attention through his work on the Internet and high-technology issues. He was one of a handful of members selected to develop the final Telecommunications Act of 1996. As the founder of the Congressional Internet Caucus, he has worked to educate members of Congress about the Internet and to create a more open, participatory government through the use of technology. Additional Information can be found at the following locations: * Rep. Rick White's Home Page -- http://www.house.gov/white/ * democracy.net Page -- http://www.democracy.net/ ______________________________________________________________ UPCOMING EVENTS Representative Anna Eshoo (D-CA), Internet policy leader from Silicon Valley, will be the guest at democracy.net's interactive 'town hall meeting' on Wednesday April 16 at 8:30 pm ET (5:30 pm PST). Visit http://www.democracy.net for more details. _________________________________________________________________ ABOUT DEMOCRACY.NET The democracy.net is a joint project of the Center for Democracy and Technology (CDT) and the Voters Telecommunications Watch (VTW) to explore ways of enhancing citizen participation in the democratic process via the Internet. To this end, democracy.net will host live, interactive cybercasts of Congressional Hearings and online town hall meetings with key policy makers. democracy.net is made possible through the generous support of WebActive, Public Access Networks, the Democracy Network, and DIGEX Internet. More information about the project and its sponsors can be found at http://www.democracy.net/about/ To receive democracy.net announcements automatically, please visit our signup form at http://www.democracy.net/ ------------------------------ Date: Mon, 24 Mar 1997 15:40:06 -0600 (CST) From: "Scott A. Davis" Subject: File 6--UPDATE: Computer Security Script Database The following is an update to a message posted to CU Digest in recent weeks. The Banzai Institute - Computer Security Scripts and Software Database has been a tremendous success. We currently have over 200 scripts and programs that can be used to test the security on several types of systems in many different ways. As a result of the recent success, we have decided to lower the price of a subscription to this database. OLD SUBSCRIPTION $40.00 per month NEW SUBSCRIPTION $25.00 per quarter $50.00 per six months, etc... We at the Banzai Institute believe that site security is a very important concern. It is for this reason that we have decided to offer this service. The idea being that the only way to truly know how secure your site is, is to hack that site like any other hacker would. We believe that this database will be very useful in securing your site. It makes no sense to pay thousands of dollars for a limited program to check for a limited number of security holes. We provide the user with a continually growing list of bug exploits that include and go beyond those provided by most security auditing software. We do NOT condone the use of this information for illegal or illegitimate use. The database currently contains Sendmail Bugs And Holes, ICMP Bombs, Sniffer Programs, Keytrap Software, Process Manipulators, Password Crackers, Spoofers, Login and Process Monitors, Many root Access Utilities, rdist Tools, passwd file tools, tty Utilities, rexd, yp, etc... Exploits, Packet Re-Routers plus Much, Much More! If you are interested, please visit http://www.banzai-institute.org If you have any questions, please e-mail webmaster@banzau-institute.org ------------------------------ Date: Thu, 15 Dec 1996 22:51:01 CST From: CuD Moderators Subject: File 7--Cu Digest Header Info (unchanged since 1 Apr, 1997) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send post with this in the "Subject:: line: SUBSCRIBE CU-DIGEST Send the message to: cu-digest-request@weber.ucsd.edu DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS. The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. To UNSUB, send a one-line message: UNSUB CU-DIGEST Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU (NOTE: The address you unsub must correspond to your From: line) Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (860)-585-9638. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. In ITALY: ZERO! BBS: +39-11-6507540 In LUXEMBOURG: ComNet BBS: +352-466893 UNITED STATES: ftp.etext.org (206.252.8.100) in /pub/CuD/CuD Web-accessible from: http://www.etext.org/CuD/CuD/ ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) The most recent issues of CuD can be obtained from the Cu Digest WWW site at: URL: http://www.soci.niu.edu/~cudigest/ COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #9.27 ************************************