[alt.society.cu-digest] C-u-D, #2.07

TK0JUT2%NIU.BITNET@UICVM.uic.edu (10/15/90)

  ****************************************************************************
                  >C O M P U T E R   U N D E R G R O U N D<
                                >D I G E S T<
              ***  Volume 2, Issue #2.07 (October 15, 1990)   **
  ****************************************************************************

MODERATORS:   Jim Thomas / Gordon Meyer  (TK0JUT2@NIU.bitnet)
ARCHIVISTS:   Bob Krause / Alex Smith
USENET readers can currently receive CuD as alt.society.cu-digest.

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may be reprinted as long as the source is
cited.  It is assumed that non-personal mail to the moderators may be
reprinted, unless otherwise specified. Readers are encouraged to submit
reasoned articles relating to the Computer Underground.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
DISCLAIMER: The views represented herein do not necessarily represent the
            views of the moderators. Contributors assume all responsibility
            for assuring that articles submitted do not violate copyright
            protections.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

CONTENTS:
File 1: Moderators' Corner
File 2: Re: IBM mainframe trojan repost <CHRISTMA EXEC>
File 3: CPSR Annual Meeting (Oct. 20-21, 1990)
File 4: Electronic Frontier Foundation Hires Staff Counsel
File 5: 13th Annual National Computer Security Conference (Part 1)
File 6: 13th Annual National Computer Security Conference (Part 2)
File 7: Summary of COMPUTER ETHICS (book)
File 8: Introduction to TOXIC SHOCK

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

----------------------------------------------------------------------

********************************************************************
***  CuD #2.07, File 1 of 8: Moderators' Corner                  ***
********************************************************************

From:      Moderators
Subject:   Moderators' Corner
Date:      October 15, 1990

++++++++++++++++++
Miscellaneous comments
++++++++++++++++++

1. MAIL: A few people have received up to TEN copies of a single issue. We
have no idea why. On occasion, we send out duplicates if the mailer
indicates a net-block. Copies go out about 8-10 at a time, and if one batch
is returned, which happens most often on weekends, we repeat the addresses
in that batch individually, so it may happen that some people receive a
duplicate (we have no way of knowing which address caused the failure, so
we re-send all in that batch). However, there is no reason that we, or our
postmaster, can determine that would cause multiple copies to be received.

2. Most recipients on the mailing list will notice that the "TO" header
line is not to their address, but to "tk0jut1." Some people have asked how
(and why) we do this. We simply use the BCC (blind carbon copy) command.
For those asking what kind of system we use, it's an IBM Amdahl, wylbur on
the front end, and, yes, we do wish we had Unix.

3. CENSORSHIP: The article on censorship will be in issue 2.08 along with
an excellent article by Jim Warren on "Political Activity and Computers."

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

From:     Wes Morgan <morgan@ENGR.UKY.EDU>
Subject:  Re: IBM mainframe trojan repost <CHRISTMA EXEC>
Date:     Mon, 8 Oct 90 10:44:54 EDT

********************************************************************
***  CuD #2.07: File 2 of 8: From the Mailbag                    ***
********************************************************************

Re: "And a Merry Christmas to All?"
>
>An almost identical version of the IBM Christmas virus that infected
>thousands of computers on IBM's internal mail in December 1987 has
>reportedly been posted on the Bitnet network.

In reality, the CHRISTMA EXEC was reposted to *Usenet*, not Bitnet.  While
some Bitnet sites are part of the Usenet, they are by no means one network.
In addition, the original CHRISTMA EXEC incident involved the entire
Bitnet, not just IBM's internal mail system.

By the way, it would have been far more accurate to refer to CHRISTMA EXEC
as a trojan, rather than a virus........

>The virus puts a tree and
>seasonal greeting message on the screen of infected computers and is known
>to replicate wildly, shutting down computers.

Its method of replication is to send copies of itself to every entry in the
user's NAMES files; Unix users can think of NAMES as an alias file.  It
does NOT infect entire systems; it only acts on the virtual machine of the
user who executes it.

>No word of any infections,
>however.  Bitnet connects computers at more than 200 universities as well
>as to the Earn network in Europe, the entry point of the original virus.

I don't think we'll see much more of this one.  It was posted to a
low-volume newsgroup on Usenet.  A reader of that newsgroup would also
require access to a BITNET site in order to implement the trojan.

Note that the file MUST be sent via SENDFILE; the headers placed on
electronic mail render it useless unless someone strips off the headers and
executes it.

>IBM was forced to shut down its 350,000-terminal network for nearly three
>days to get rid of the virus.

True enough; I strongly suspect that most RSCS handlers now look for and
eliminate any files named CHRISTMA EXEC........8)

A word of warning: IBM users should be extremely cautious of *ANY* EXEC
that simply appears in their reader.  I have heard reports of several
variations on this theme; anyone with a good knowledge of CP and CMS can
imagine some nasty possibilities.

+++++++
  The opinions expressed above are not those of UKECC unless so noted.
Wes Morgan                 \       {rutgers,rayssd,uunet}!ukma!ukecc!morgan
University of Kentucky      \   or morgan@engr.uky.edu
Engineering Computing Center \  or morgan%engr.uky.edu@UKCC.BITNET

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

From:      General Posting
Subject:   CPSR Annual Meeting (Oct. 20-21, 1990)
Date:      Oct. 13, 1990

********************************************************************
***  CuD #2.07: File 3 of 8: CPSR Annual Meeting, Oct. 20-21     ***
********************************************************************

   1990 Annual Meeting of Computer Professionals for Social Responsibility

                            October 20, 21, 1990
               Stanford University and Palo Alto, California.

The general public is invited.  For more information, please call the CPSR
National Office at (415) 322-3778.

The CPSR Annual Meeting is a substantive, two-day conference
addressing critical issues facing society because of the impact of
information technology.  The meeting will feature well-known speakers
on subjects such as civil liberties in electronic communication, using
computers for democratic oversight of government, women in the
computing profession, and how the public learns about computers
through the popular media.

Speakers will include:

John Perry Barlow, "Civilizing Cyberspace: Computers, Civil Liberties
and Freedom."

John Perry Barlow, a self-described "techno-crank," has been a Wyoming
cattle rancher, a Republican Party official, and a lyricist with the
Grateful Dead.  He writes articles on computers for MicroTimes and The
Whole Earth Review, and he co-founded the Electronic Frontier
Foundation with Mitch Kapor.

David Burnham, "Turning the Tables: Computer Oversight for Citizens."

David Burnham, a former investigative reporter for The New York Times,
is author of The Rise of the Computer State (1980) and A Law Unto
Itself (1990), an inside look at the Internal Revenue Service.
Burnham also works with the Transactional Records Access Clearinghouse
at Syracuse University, which examines computerized records of Federal
enforcement agencies.

Panel discussion: "Women in Computing: Where We Are, Where We Want to
Be, and How to Get There."

Shari Lawrence Pfleeger, Chair, ACM Committee on Women and Minorities
Donna Lehnoff, Women's Legal Defense Fund
Barbara Simons, National Secretary, Association for Computing Machinery
Dr. Sheila Humphreys, Department of Computer Science, UC Berkeley

Moderated by Dr. Anita Borg, DEC Western Research Laboratory

Panel discussion: "The Media and 'Mythinformation': How and What Does the
Public Learn About Computers?"

Bob Abel   Multi-media expert, Synapse Technologies
Michael Rogers  General editor, Newsweek magazine
Dr. Rudy Rucker,  Science fiction author
Brenda Laurel  Consultant, interactive entertainment

Moderated by Paul Saffo, Institute for the Future

James Fallows will be the speaker at the banquet Saturday evening.
"The Cold War is Over: Who Won?"

The Sunday, October 21, program of the CPSR Annual Meeting will
feature workshops on issues such as computing and civil liberties,
education, workplace issues, computers and the environment, and other
subjects, most self-organized by meeting participants.  There will
also be a workshop on "Organizing for Change in the 90s."

For more information, please call the CPSR National Office at
(415) 322-3778.

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

From: Mike Godwin <decwrl!well.sf.ca.us!well!mnemonic@uunet.uu.net>
Subject: Electronic Frontier Foundation Hires Staff Counsel
Date: 9 Oct 90 14:12:02 GMT

********************************************************************
***  CuD #2.07: File 4 of 8: EFF Hires Staff Counsel             ***
********************************************************************

This posting is meant to serve two purposes:

a) formally announcing that I have been hired as staff counsel by the
   Electronic Frontier Foundation, for whom I will investigate
   cases that the EFF may be interested in, and for whom I will be
   coordinating EFF's legal strategy, and

b) letting readers of this newsgroup know how to contact EFF about
   computer-related incidents and cases that raise civil-liberties
   issues in which you think the organization should be interested.

To let EFF know about an interesting or troubling incident or case,
you can send information to my address (mnemonic@well.sf.ca.us) or
to EFF's general address (eff@well.sf.ca.us). The first address
will probably get a slightly faster response, but either is fine.

The U.S. Mail address is the following:

Mike Godwin
c/o Electronic Frontier Foundation
155 Second Street
Cambridge, MA  02141.

I can be reached by phone at 617-864-0665.

Mike Godwin, (617) 864-0665
mnemonic@well.sf.ca.us
Electronic Frontier Foundation

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

Date: Thu, 08 Oct 90 12:01:45 CDT
From: Gordon Meyer (CuD Co-moderator)
Subject: 13th Annual National Computer Security Conference (Part 1)

********************************************************************
***  CuD #2.07: File 5 of 8: NCSC Conference (part 1)            ***
********************************************************************

13th Annual National Computer Security Conference
October 1-4, 1990
Omni Shoreham Hotel
Washington, D.C.
Reported by Gordon Meyer

Dr. Dorothy Denning's presentation, "Concerning Hackers Who Break Into
Computer Systems", was part of the 'ethics' session held the afternoon of
Oct 3rd.

Denning's presentation consisted mainly of data, in the form of quotations
and observations, taken from her recent interviews with approximately ten
self-identified computer hackers.  While her paper offers some suggestions
on how the computer security community could assimilate some of the
information hackers have available, her presentation instead focused on
several thematic concerns she found to be prevalent in the computer
underground.

This was a wise tactical decision on her part, as her argument that hackers
can be of some use to computer security professionals is not only somewhat
unique, but must be considered only after the anti-hacker stereotypes have
been methodically shattered.  Trying to accomplish this in a 20 minute
verbal presentation would be unrealistic.   However, it should be pointed
out that each of the conference attenders did receive the full text of
Denning's paper (in fact, all the papers presented at all the sessions) in
the two-volume proceedings book for the conference.

The data presented at the session highlighted the CU's concern for ethical
and legal issues related to information security.  A large number of the
quotes were taken from Denning's interview with Frank Drake (publisher of
the defunct W.O.R.M. magazine), and focused, in part, on the ethics of
large corporate data bases on individuals, and the NSA's role in providing
standards for data encryption.  Denning also utilized some quotes from
PHRACK Inc (specifically the infamous 'Phoenix Project' announcement) and a
quote concerning the recent spate of CU busts as reported in a past issue
of CuD.  Other excerpts were taken from The Mentor's Guide to Hacking, and
various other statements from her interviews with unidentified hackers.
The overall thrust of all of this was to show that hackers can be concerned
with information technology ethics, their own actions while on a system,
and the future of information technology and the CU in general.

Denning's presentation appeared to be well received by the audience.  By
presenting the actual words of the subjects, rather than summarizing her
findings, the CU was brought to life in a way that most likely many of the
attenders had never seen before.  (Each quote, by the way, was shown on an
overhead projector and dramatically read by Dorothy's husband, Peter
Denning.)   The audience reactions during the presentations were quite
interesting to observe.  Outward displays of hostility, disbelief, and
amusement were common, usually in reaction to statements of freedom, power,
and tales of busts respectively.

After Denning's presentation there was time for a few questions and
audience comments.  One comment was from a West German attender and
concerned the Chaos Club.  He told of Cliff Stoll's hacker adversary and
how "three disks of VMS information was sold to the KGB" despite denials
that such a thing had been done.  His conclusion, emphatically stated, was
that "you can't believe what hackers tell you, you can't trust them!".
This comment received an enthusiastic burst of applause from the crowd.

The panel session, "Hackers: Who Are They?", was held Thursday morning.
The session was moderated by Denning, and consisted of the following
panelists:

    Katie Hafner, author. Currently writing a book on Mitnick,
                  Pengo, and Morris.
    Frank Drake, former publisher of W.O.R.M. magazine.
    Emmanuel Goldstein, publisher of 2600 magazine.
    Craig Neidorf, former co-publisher of PHRACK Inc.
    Sheldon Zenner, defense attorney in the Neidorf/Phrack case.
    Gordon Meyer, co-moderator of Computer Underground Digest.

Denning opened the session by stating that although her initial intentions
were to bring actual hackers in for the session, criticisms that doing so
would be giving "aid and comfort to the enemy" convinced her that the next
best thing, utilizing people who were closely associated with the CU, would
be more prudent. This theme, aggrandizing computer criminals, would surface
two or three more times during the session.

Denning started the session off by presenting each panelist with one or two
questions to answer.  These questions served to introduce both the speaker
and various aspects of the computer underground.  Her first question was to
Hafner, and addressed the concern that by writing about hackers,
impressionable young readers might be attracted to the "fame and glory" of
the enterprise.  Hafner's answer essentially focused on the hardship and
emotional/financial loss each of her subjects had suffered as a result of
their activities. Hardly a glorified or attractive picture of hacking.

Other introductory questions dealt with Zenner's summary of the
Neidorf/Phrack case, Frank Drake defined "cyberpunk" and his motives in
founding W.O.R.M. magazine, Goldstein discussed 2600 magazine, Neidorf on
PHRACK Inc, and Meyer on CuD and defining the computer underground.

A number of themes emerged from the questions that were asked by the
conference attenders:

    First Amendment rights, and the publication of stolen information.

    Morality of publishing information that could be used to break the law.

    Possible implications of hacking into a system that would threaten the
    life and/or safety of others. (such as a hospital computer)

    The obligation of companies to secure their own systems, and possible
    legal complications that could arise if they fail to do so.

    The perception that corporations overstate the financial impact of CU
    activity.  How much does it really cost you for a hacker to "steal" 3
    seconds of CPU time?

    Possible use of CU members or skills by organized crime.

    Ways in which companies or organizations could provide a means for CU
    members to provide information on security holes, without risking
    reprisal.

There were many more questions and comments, but unfortunately the session
was not recorded.  Perhaps what was even more interesting than the comments
and answers themselves was the emotional reaction of the audience.

Of the approximately 1600 people that registered for the conference around
250 attended this session.  Scheduled to run about an hour and a half, it
lasted nearly two hours with a number of questions still remaining to be
asked.  Audience attention and participation was high, but couldn't be
described as very "friendly" at times.  Subjects that seemed especially
"hot" included the financial impact of hacking, and the ease of reading and
utilizing information found in personal email.

The session went quite well, with many ideas and views being exchanged on
both sides.  There was a feeling that some good ideas and concepts had
surfaced, and perhaps both sides had learned something about the other.
There was, however, a definite adversarial feeling in the air. The
panelists did, for the most part, manage to keep from being cast as
apologists for the CU and were straightforward with their views and
opinions.  Goldstein and Drake in particular served to "ease over" a couple
of tough questions with the application of appropriate humor.  (eg: Hey, if
it wasn't for hackers some of you wouldn't have a job!)

Denning should be congratulated and thanked for her efforts to bring some
dialogue between the CU and security professionals.  This session should be
an example of the mutual benefit such meetings can bring about.  If
further efforts in this direction are made, rather than worrying about the
politics and appearances of meeting with hackers, perhaps some moderation
can be brought to both sides of the issue.  Hyperbole and hysteria are
hardly productive for either group, and only by shattering stereotypes and
finding common ground will any resolution be possible.  Let's hope that
future meetings of the profession will allow for further discussions of
this type.

Postscript: It was great to meet the many CuD readers that came up and
introduced themselves after the session.  Thanks for your comments and kind
words.  Also, welcome to the new CuD subscribers that were picked up as a
result of this conference.  Additional comments and observations regarding
any aspect of the conference are most welcome from any CuD reader, send
them in!

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

Date: Thu, 11 Oct 90 22:04:28 CDT
From: "Craig M. Neidorf" <C483307@UMCVMB.BITNET>
Subject: 13th Annual National Computer Security Conference (Part 2)

********************************************************************
***  CuD #2.07: File 6 of 8: NCSC Conference (part 2)            ***
********************************************************************

13th Annual National Computer Security Conference
October 1-4, 1990
Omni Shoreham Hotel
Washington, D.C.
A "Knight Lightning" Perspective
by Craig M. Neidorf

Dr. Dorothy Denning first hinted at inviting me to take part on her panel
"Hackers:  Who Are They?" in May 1990 when we first came into contact while
preparing for my trial.  At the time I did not feel that it was a very good
idea since no one knew what would happen to me over the next few months.  At
the conclusion of my trial I agreed to participate and surprisingly, my
attorney, Sheldon Zenner (of Katten, Muchin, & Zavis), accepted an invitation
to speak as well.

A few weeks later there was some dissension to the idea of having me appear at
the conference from some professionals in the field of computer security.  They
felt that my presence at such a conference undermined what they stood for and
would be observed by computer "hackers" as a reward of sorts for my notoriety
in the hacker community.  Fortunately Dr. Denning stuck to her personal values
and did not exclude me from speaking.

Unlike Gordon Meyer, I was unable to attend Dr. Denning's presentation
"Concerning Hackers Who Break Into Computer Systems" and the ethics sessions,
although I was informed upon my arrival of the intense interest from the
conference participants and the reactions to my now very well known article
announcing the "Phoenix Project."

Not wishing to miss any more class than absolutely necessary, I arrived in
Washington D.C. late in the day on Wednesday, October 4th.  By some bizarre
coincidence I ended up on the same flight with Sheldon Zenner.

I had attended similar conventions before such as the Zeta Beta Tau National
Convention in Baltimore the previous year, but there was something different
about this one.  I suppose considering what I have been through it was only
natural for me to be a little uneasy when surrounded by computer security
professionals, but oddly enough this feeling soon passed as I began to
encounter friends both old and new.

Zenner and I met up with Dorothy and Peter Denning and soon after I met Terry
Gross, an attorney hired by the Electronic Frontier Foundation who had helped
with my case in reference to the First Amendment issues.  Emmanuel Goldstein,
editor of 2600 Magazine and probably the chief person responsible for spreading
the news and concern about my indictment last Spring, and Frank Drake, editor
of W.O.R.M. showed up.  I had met Drake once before.  Finally I ran into Gordon
Meyer.

So for a while we all exchanged stories about different events surrounding our
lives and how things had changed over the years only to be interrupted once by
an odd gentleman from Germany who inquired if we were members of the Chaos
Computer Club.  At the banquet that evening, I was introduced to Peter Neumann
(who among many other things is the moderator of the Internet Digest known as
"RISKS") and Marc Rotenberg (Computer Professionals for Social Responsibility).

Because of the great interest in the ethics sessions and comments I had heard
from people who had attended, I felt a strange irony come into play.  I've
hosted and attended numerous "hacker" conventions over the years, the most
notable being "SummerCon".  At these conventions one of the main time consuming
activities has always been to play detective and attempt to solve the mystery
of which one of the guests or other people at the hotel were there to spy on us
(whether they were government agents or some other form of security personnel).

So where at SummerCon the youthful hackers were all racing around looking for
the "feds," at the NCSC I wondered if the security professionals were reacting
in an inverse capacity... Who Are The Hackers?  Despite this attitude or maybe
because of it, I and the other panelists, wore our nametags proudly with a
feeling of excitement surrounding us.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

October 4, 1990

Dorothy Denning had gathered the speakers for an early morning brunch and I
finally got a chance to meet Katie Hafner in person.  The panelists discussed
some possibilities of discussion questions to start off the presentation and
before I knew it, it was time to meet the public.

As we gathered in the front of the conference room, I was dismayed to find that
the people in charge of setting up the nameboards (that would sit in front
of each panelist) had attended the Cook school of spelling and labeled me as
"Neirdorf."  Zenner thought this was hysterical.  Luckily they were able to
correct the error before we began.

                            Hackers:  Who Are They?

Dr. Denning started the presentation by briefly introducing each panelist and
asking them a couple of questions.

Katie Hafner disputed the notion that her work has caused a glorification
of hacking because of the severe hardships the people she interviewed had to
endure.  I found myself sympathizing with her as I knew what it was like to
be in their positions.  Many people commented later that her defense of Mitnick
seemed a little insincere as he had indeed committed some serious acts.  Not
knowing all of the details surrounding Mitnick's case and not relying on the
general news media as a basis for opinion I withheld any sort of judgment.

Emmanuel Goldstein and Frank Drake appeared to take on the mantle of being the
spokespersons for the hackers, although I'm unsure if they would agree with
this characterization.  Drake's main point of view dealt with the idea that
young hackers seek to be able to use resources that they are otherwise excluded
from.  He claimed to once have been a system intruder, but now that he is in
college and has ample computing resources available to him, he no longer sees a
need to "hack."

Goldstein on the other hand sought to justify hacking as being beneficial to
society because the hackers are finding security holes and alerting security to
fix these problems before something catastrophic occurs.

Gordon Meyer tried to explain the hacker mind-set and how the average hacker
does not see using corporate resources as having a real financial burden to
today's companies.  Some people misunderstood his remarks to be speaking from a
factual position and took offense, stating that the costs are great indeed.
He also explained the differences between Phrack and the Computer Underground
Digest.  Most notable is that CuD does not print tutorials about computer
systems.

Sheldon Zenner focused on the freedom of speech and press issues.  He also
spoke about technical details of the U.S. v. Neidorf case and the court rulings
that resulted from it.  One major point of interest was his quite reasonable
belief that the courts will soon be holding companies financially liable for
damages that may occur because of illegal intrusion into their systems.  This
was not to suggest that a criminal defense strategy could be that a company did
not do enough to keep an intruder out, but instead that the company could be
held civilly liable by outside parties.

Zenner and Denning alike discussed the nature of Phrack's articles.  They found
that the articles appearing in Phrack contained the same types of material
found publicly in other computer and security magazines, but with one
significant difference.  The tone of the articles.  An article named "How to
Hack Unix" in Phrack usually contained very similar information to an article
you might see in Communications of the ACM only to be named "Securing Unix
Systems."  But the differences were more extreme than just the titles.  Some
articles in Phrack seemed to suggest exploiting security holes while the
Communications of the ACM concentrated more on fixing the problem.  The
information in both articles would be comparable, but the audiences reading and
writing these articles were often very different.

I explained the concept and operation of Phrack and wandered into a discussion
about lack of privacy concerning electronic mail on the Internet from
government officials, system managers, and possibly even by hackers.  I went on
to remark that the security professionals were missing the point and the
problem.  The college and high-school students while perhaps doing some
exploration and causing some slight disturbances are not the place to be
focusing their efforts.  The real danger comes from career criminals and
company insiders who know the systems very well from being a part of it.  These
people are the source of computer crime in this country and are the ones who
need to be dealt with.  Catching a teenage hacker may be an easier task, but
ultimately will change nothing.  To this point I agreed that a hacker gaining
entry and exposing holes on computer systems may be a service to some degree,
but unlike Goldstein, I could not maintain that such activity should bring
prosecutorial immunity to the hacker. This is a matter of discretion for
security personnel and prosecutors to take into consideration.  I hope they do.

To a large degree I was rather silent on stage.  Perhaps because I was cut off
more than once or maybe even a little stage fright, but largely because many of
the questions posed by the audience were wrong on their face for me to answer.
I was not going to stand and defend hacking for its own sake nor was I there to
explain the activities of every hacker in existence.

So I let Goldstein and Drake handle questions geared to be answered by a system
intruder and I primarily only spoke out concerning the First Amendment and
Phrack distribution.  In one instance a man upset both by Drake's comments
about how the hackers just want to use resources they can't get elsewhere and
by Goldstein's presentation of the Operation Sun-Devil raids and the attack on
"Zod" in New York spoke up and accused us of being viciously one sided.

He said that none of us (and he singled me out specifically) look to be age 14
(he said he could believe I was 18) and that "our" statement that it's ok for
hackers to gain access to systems simply because they lacked the resources
elsewhere meant it was ok for kids to steal money to buy drugs.

I responded by asking him if he was suggesting that if these "kids" were rich
and did not steal the money, it would be ok to purchase drugs?  I was sure that
it was just a bad analogy so I changed the topic afterwards.  He was right to a
certain extent, all of the hackers are not age 14 or even in high school or
college, but is this really all that important of a distinction?

The activities of the Secret Service agents and other law enforcement officials
in Operation Sun-Devil and other investigations have been overwhelming and very
careless.  True this is just their standard way of doing business and they may
not have even singled out the hackers as a group to focus excess zeal, but
recognizing that the hackers are in a worst case scenario "white-collar
offenders," shouldn't they alter their technique?  Something that might be
important to make clear is that in truth my indictment and the indictments on
members of the Legion of Doom in Atlanta had absolutely nothing to do with
Operation Sun-Devil despite the general media creation.

Another interesting point that was brought out at the convention was that there
was so much activity and the Secret Service kept so busy in the state of
Arizona (possibly by some state official) concerning the hacker "problem" that
perhaps this is the reason the government did not catch on to the great Savings
& Loan multi-Billion dollar loss.

One gentleman spoke about his son being in a hospital where all his treatments
were being run by computer.  He added that a system intruder might quite by
accident disrupt the system inadvertently endangering his son's life.  Isn't
this bad?  Obviously yes it is bad, but what was worse is that a critical
hospital computer system would be hooked up to a phoneline anyway.  The main
reason for treatment in a hospital is so that the doctors are *there* to
monitor and assist patients.  Could you imagine a doctor dialing in from home
with a modem to make his rounds?

There was some discussion about an editor's responsibility to inform
corporations if a hacker were to drop off material that he/she had breached
their security.  I was not entirely in opposition to the idea, but the way I
would propose to do it was probably in the pages of a news article.  This may
seem a little roundabout, but when you stop and consider all of the private
security consultants out there, they do not run around providing information to
corporations for free.  They charge enormous fees for their services.  There
are some organizations that do perform services for free (CERT comes to mind),
but that is the reason they were established and they receive funding from the
government which allows them to be more generous.

It is my belief that if a hacker were to give me some tips about security holes
and I in turn reported this information to a potential victim corporation, the
corporation would be more concerned with how and from whom I got the
information than with fixing the problem.

One of the government's expert witnesses from U.S. v. Neidorf attended this
session and he prodded Zenner and me with questions about the First Amendment
that were not made clear from the trial.  Zenner did an excellent job of
clarifying the issues and presenting the truth where this Bellcore employee
sought to show us in a poor light.

During the commentary on the First Amendment, Hafner, Zenner, and I discussed a
July 22, 1988 article containing a Pacific Bell telephone document copied by a
hacker and sent to John Markoff that appeared on the front page of the New York
Times.  A member of the audience said that this was ok, but the Phrack article
containing the E911 material was not because Phrack was only sent to hackers.
Zenner went on to explain that this was far from true since private security,
government employees, legal scholars, reporters, and telecom security personnel
all received Phrack without discrimination.  There really is a lot that both
the hackers and security professionals have to learn about each other.

It began to get late and we were forced to end our session.  I guess what
surprised me the most were all of the people that stayed behind to speak with
us.  There were representatives from NASA, U.S. Sprint, Ford Aerospace, the
Department of Defense, and a United States Army Lt. Colonel who all thanked us
for coming to speak.  It was a truly unique experience in that a year ago I
would have presumed these people to be fighting against me and now it seems
that they are reasonable, decent people, with an interest in trying to learn
and help end the problems.  I also met Mrs. Gail Meyer for the first time in
person as well.

I was swamped with people asking me how they could get Phrack and for the most
part I referred them to Gordon Meyer and CuD (and the CuD ftp).  Just before we
went to lunch I met Donn Parker and Art Brodsky, an editor from Communications
Daily.  So many interesting people to speak with and so little time.  I spent a
couple hours at the National Gallery of Art with Emmanuel Goldstein, flew back
to St. Louis, and returned to school.

It was definitely an enLightening experience.

++++++++++++++++++++++++++++++

A very special thank you goes to Dorothy Denning, a dear friend who made it
possible for me to attend the conference.

:Craig M. Neidorf a/k/a Knight Lightning

 C483307 @ UMCVMB.MISSOURI.EDU
 C483307 @ UMCVMB.BITNET

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

Date: Thu, 08 Oct 90 12:02:51 CDT
From: Gordon Meyer (CuD Co-moderator)
Subject: Summary of COMPUTER ETHICS (book)

********************************************************************
***  CuD #2.07: File 7 of 8: Summary of "Computer Ethics" (book) ***
********************************************************************

Here's a recently published book that will be of interest to CuD readers.
This summary has been taken, verbatim, from the flaps of the dust jacket.

_Computer Ethics: Cautionary Tales and Ethical Dilemmas in Computing_
Forester, Tom and Perry Morrison
1990.   The MIT Press. Cambridge, Massachusetts.
ISBN 0-262-06131-7   (hardcover)
Price paid: $19.95  193 pages, with index

_Computer Ethics_ exposes the dangers of letting society rely too heavily
on computers.  Written by two insiders, it provides balanced and
authoritative coverage of such topics as software unreliability, computer
crime, software theft, hacking, viruses, unmanageable complexity, invasions
of privacy, "artificial intelligence," and degraded work.

The authors describe these problem areas with fascinating, often dramatic
examples of computer abuse and misuse, augmented by extensive notes and
references, role-playing exercises, and hypothetical situations.  There
are suggestions for further discussion at the end of each chapter.

Forester and Morrison argue that it is the nature of computer systems to
be unreliable, insecure, and unpredictable, and that society must face
the consequences.  _Computer Ethics_ is an outgrowth of the authors' work
with computer science students, focusing on the ethical dilemmas these
students will confront as professionals.

About the authors:

Tom Forester teaches in the School of Computing and Information Technology
at Griffith University in Queensland, Australia, and is author or editor
of six books on technology and society.  Perry Morrison is Lecturer in
Computing at the University of New England, New South Wales, Australia.

Table of Contents:

Preface and Acknowledgements

1   Introduction: Our Computerized Society
    Some problems created for Society by Computers - Ethical Dilemmas
    for computer professionals and users

2   Computer Crime
    The rise of the high-tech heist - Is reported crime the tip of an
    iceberg? - Targets of the computer criminal - Who are the computer
    Criminals? - Improving computer security - Suggestions for further
    discussion

3   Software Theft
    The growth of software piracy - Revenge of the nerds? - Intellectual
    property rights and the law - Software piracy and industry progress
    - Busting the pirates - Suggestions for further discussion

4   Hacking and Viruses
    What is hacking? - Why do hackers 'hack'? - Hackers: criminals or
    modern-day robin hoods? - Some 'great' hacks - Worms, trojan horses
    and time bombs - The virus invasion - Ethical issues - Suggestions
    for further discussion

5   Unreliable Computers
    Most information systems are failures - Some great software disasters
    - Warranties and disclaimers - Why are complex systems so
    unreliable? - What are computer scientists doing about it? -
    Suggestions for further discussion

6   The Invasion of Privacy
    Database disasters - Privacy legislation - Big brother is watching
    you - The surveillance society - Just when you thought no one was
    listening - Computers and elections - Suggestions for further
    discussion

7   AI and Expert Systems
    What is AI? - What is intelligence? - Expert systems - Legal problems
    - Newer developments - Ethical issues: is AI a proper goal? -
    Conclusion: the limits of hype - Suggestions for further discussion

8   Computerizing the workplace
    Computers and employment - Computers and the quality of worklife:
    'De-skilling' - Productivity and People: stress, monitoring, de-
    personalization, fatigue and boredom - Health and safety issues:
    VDT's and the RSI debate - Suggestions for further discussion

Appendix  Autonomous Systems: the case of 'Star Wars'

Index

----
CuD would welcome a review and/or summary of this book.  If any CuD-ites
are interested, please send one in!

Terra Primum!

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

From: kk4fs!bloody@CRDGW1.GE.COM(Bloody Afterbirth)
Subject: Introduction to TOXIC SHOCK
Date: Wed, 10 Oct 90 20:49:32 EDT

********************************************************************
***  CuD #2.07: File 8 of 8: Introduction to TOXIC SHOCK         ***
********************************************************************

{We have been asked by various readers for information on Toxic
Shock, so we asked the group to provide an introduction/summary,
which they did (moderators)}.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

!*@&#^$%#^@&!*@&#^$%#^@&!*@&#^$%#^@&!*@&#^$%#^@&!*@&#^$%#^@&!*@&#^$%#^@&!*


                            .
                         .:::::.               .::::::::.
                     ...:::::::::..           ::::::::::::
                  ..:::::::::::::::::..      :::::     ::::
                .:::     :::::::     :::.    :::::.      :
                 ::       :::::       ::      :::::::.
                  :        :::        :        :::::::::.
                           :::                    ::::::::
                           :::                        :::::
                          :::::               :        ::::
                          :::::  oxic        :::......::::  hock
                        .:::::::.             :::::::::::
                       :::::::::::             :::::::::

                                      by

                              Bloody Afterbirth

!@*&#$^%!@*&#$^%!@*&#$^%!@*&#$^%!@*&#$^%!@*&#$^%!@*&#$^%!@*&#$^%!@*&#$^%!@

   By request, I present you with some info about Toxic Shock...

   Our main purpose in existence is to piss someone off.

   Originally, we did this (quite well, I like to think) by being
disgustingly explicit, both sexually and violently.  We did parodies of the
B-I-B-L-E <gasp>, made fun of nouns (people, places, things!), and basically
tried to be as raunchy as we could, with or without a serious message.

   We slowly began to change...  Our stories became less explicit,
sometimes, and became more dramatic, with unusual endings and some form of
meaning/message/moral behind them.  We began to mix our utter bullshit with
things of a more serious nature, though only the message behind what we did
may have seemed serious.  We were still being raunchy, but we were doing it
to get a point across, then.

   Our movement away from the original stories was agonizingly slow and we
regressed several times along the way...  I wanted the group to become a
force (hopefully) for change...  I wanted to educate people about things, to
try to open their eyes about certain issues in society and life...
Eventually, the others began to see it my way...

   It was about that time that we first excerpted from magazines and
pamphlets...  We began to get pissed off about environmental issues, social
issues, political issues, etc.  Our files and those things that we
excerpted began to reflect this.

   About that time I wrote a story called The Final Conflict which, on the
surface, was the final battle between My Lord Fetus and that weak spined
fool of a deity we call Coathanger...  As I pointed out in the file, it was
designed to present my views on drugs, abortion, sex, etc., and to make
people think about these issues for themselves.

   That was, I like to think, the herald of a new age for Toxic Shock.

   We began excerpting more and more, from HIGH TIMES, Omni, GreenPeace
literature, etc.  What we were reading pissed us off, what we saw on the
news pissed us off...  And the fact that no one was doing anything about
those things pissed us off.

   So, we tried our best to get this information to the people, and
hopefully to make someone, somewhere, angry enough to help us fight the
corruption in our government and society, and the morally WRONG policies set
by our government.

   That is where we were, and that is where we are now.

   We embrace the Underground, for it is our home.

   What we have called the Underground includes the Hacker Society that has
been rapidly declining since around 1985, and the Drug Culture.  This makes
us look bad, nasty, and evil, and we really don't care much...  Because the
people we want to reach out to are open minded enough to listen to what we
have to say, and are able to weigh the information in their heads and make
up their own minds about things like drug legalization, terrorist attacks
such as Operation Sun Devil, and other such issues.

   We continue to excerpt from magazines, take things that we find floating
along the networks, and basically try to get in your face with the Other
Viewpoint to all of the propaganda that the government and big pressure
groups feed those Television Addicts.

   The citizens of the United States do not seem to realize, do not seem to
care, that the name of the country will soon be changed to United Police
State of America...  We try to help people see that this is happening, that
the Rights to Free Speech, Thought, and Action, which are supposedly
Inalienable, are being systematically stripped from all the people...

   Unfortunately, this has proven to be difficult because, as of right now,
we have only three members...Even by the most lenient of measures, the most
we have ever had at one time has been six...  Admittedly, we've done over
one hundred files with three people alone, but we could really use some help
in our effort to Educate...

   Soooooo...For the future...Ideally, we will help prevent the situation in
America, the Home of the Slave, from getting any worse, and help to speed up
the radical reforms and changes that are necessary in the ideals, morals,
attitudes and policies of the people of this country...and the world...


                (c)October 1990  Bloody Afterbirth/Toxic Shock
       .....Reproduce at will, with no modifications to the text.....

      Toxic Shock are not affiliated with CuD (not YET!), so if you are
      wanting to contact one of us, please don't bother the moderators.
       Bloody Afterbirth can be found on Lunatic Labs and Ripco, or if
        you prefer to use USENET or Internet, shoot something to this
                           guy, he'll pass it on...

               sixhub!kk4fs!lynched   -or-   lynched@kkf4s.uucp

       You can also call the Centre Of Eternity at 615.552.5747 (12/24)
          The Sop can get you in touch with one of us eventually...