Copy Link
Add to Bookmark
Report
Computer Undergroud Digest Vol. 10 Issue 04
Computer underground Digest Sun Jan 18, 1998 Volume 10 : Issue 04
ISSN 1004-042X
Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
Archivist: Brendan Kehoe
Shadow Master: Stanton McCandlish
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Field Agent Extraordinaire: David Smith
Cu Digest Homepage: http://www.soci.niu.edu/~cudigest
CONTENTS, #10.04 (Sun, Jan 18, 1998)
File 1--IP: New Internet Regulations Codify PRC Internet Practice
File 2--"Underground", Suelette Dreyfus
File 3--"MS Sucks...."
File 4--Re: More on "Microsoft Evil?"
File 5--Contribution In response to "Is Microsoft Evil"
File 6--Review - Privacy on the Line. The Politics of Wiretapping...
File 7--Another UNICEF/Mitnick story
File 8--Eff announces Barry Steinhardt to BoD
File 9--Cu Digest Header Info (unchanged since 7 May, 1997)
CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.
---------------------------------------------------------------------
Date: Tue, 6 Jan 1998 15:47:06 -0800
From: "(--Todd Lappin-->)" <telstar@wired.com>
Subject: File 1--IP: New Internet Regulations Codify PRC Internet Practice
Source - fight-censorship@vorlon.mit.edu
Forwarded from Dave Farber... the full text of the new Chinese regulations
are included. My favorites:
(5) Making falsehoods or distorting the truth, spreading rumors, destroying
the order of society;
(6) Promoting feudal superstitions, sexually suggestive material, gambling,
violence, murder,
(8) Injuring the reputation of state organs;
--Todd-->
New Regulations Codify PRC Internet Practice
On December 30, 1997, the Ministry of Public Security promulgated the
Regulations on the Security and Management of Computer Information Networks
and the Internet [Jisuanji Xinxi Wangluo Lianwang Anquan Baohu Guanli
Banfa]. The State Council approved these new regulations on December 11,
1997. The new regulations appear to be much more a codification of existing
practice than an important departure in the management of computer
information networks in China. The new regulations are more detailed than
the "PRC Temporary Regulations on Computer Information Network and Internet
Management" and "Notice on Strengthening the Management of Computer
Information Network and Internet Registration Information" both of February
1996 and the "Temporary Regulations on Electronic Publishing" of March 1996.
.
The new December 1997 regulations as well as earlier PRC regulations on the
Internet and electronic puiblishing are to be found in GB-encoded Chinese
text listed on the web page at <http://www.edu.cn/law>http://www.edu.cn/law
The full Chinese text of the new regulations are to be found at
<http://www.edu.cn/law/glbf.html>http://www.edu.cn/law/glbf.html The new
regulations are translated in full
below.
--------------------------------------------------
Computer Information Network and Internet Security, Protection and
Management Regulations
(Approved by the State Council on December 11 1997 and promulgated by the
Ministry of Public Security on December 30, 1997)
Chapter One Comprehensive Regulations
Section One -- In order to strengthen the security and the protection of
computer information networks and of the Internet, and to preserve the
social order and social stability, these regulations have been established
on the basis of the "PRC Computer Information Network Protection
Regulations", the "PRC Temporary Regulations on Computer Information
Networks and the Internet" and other laws and administrative regulations.
Section Two -- The security, protection and management of all computer
information networks within the borders of the PRC fall under these
regulations.
Section Three -- The computer management and supervision organization of the
Ministry of Public Security is responsible for the security, protection and
management of computer information networks and the Internet. The Computer
Management and Supervision organization of the Ministry of Public Security
should protect the public security of computer information networks and the
Internet as well as protect the legal rights of Internet service providing
units and individuals as well as the public interest.
Section Four -- No unit or individual may use the Internet to harm national
security, disclose state secrets, harm the interests of the State, of
society or of a group, the legal rights of citizens, or to take part in
criminal activities.
Section Five -- No unit or individual may use the Internet to create,
replicate, retrieve, or transmit the following kinds of information:
(1) Inciting to resist or breaking the Constitution or laws or the
implementation of administrative regulations;
(2) Inciting to overthrow the government or the socialist system;
(3) Inciting division of the country, harming national unification;
(4) Inciting hatred or discrimination among nationalities or harming the
unity of the nationalities;
(5) Making falsehoods or distorting the truth, spreading rumors, destroying
the order of society;
(6) Promoting feudal superstitions, sexually suggestive material, gambling,
violence, murder,
(7) Terrorism or inciting others to criminal activity; openly insulting
other people or distorting the truth to slander people;
(8) Injuring the reputation of state organs;
(9) Other activities against the Constitution, laws or administrative
regulations.
Section Six No unit or individual may engage in the following activities
which harm the security of computer information networks:
(1) No-one may use computer networks or network resources without getting
proper prior approval
(2) No-one may without prior permission may change network functions or
to add or delete information
(3) No-one may without prior permission add to, delete, or alter
materials stored, processed or being transmitted through the network.
(4) No-one may deliberately create or transmit viruses.
(5) Other activities which harm the network are also prohibited.
Section Seven The freedom and privacy of network users is protected by law.
No unit or individual may, in violation of these regulations, use the
Internet to violate the freedom and privacy of network users.
Chapter 2 Responsibility for Security and Protection
Section 8 Units and individuals engaged in Internet business must accept the
security supervision, inspection, and guidance of the Public Security
organization. This includes providing to the Public Security organization
information, materials and digital document, and assisting the Public
Security organization to discover and properly handle incidents involving
law violations and criminal activities involving computer information
networks.
Section 9 The supervisory section or supervisory units of units which
provide service through information network gateways through which
information is imported and exported and connecting network units should,
according to the law and relevant state regulations assume responsibility
for the Internet network gateways as well as the security, protection, and
management of the subordinate networks.
Section 10 Connecting network units, entry point units and corporations that
use computer information networks and the Internet and other organizations
must assume the following responsibilities for network security and
protection:
(1) Assume responsibility for network security, protection and management
and establish a thoroughly secure, protected and well managed network.
(2) Carry out technical measures for network security and protection. Ensure
network operational security and information security.
(3) Assume responsibility for the security education and training of network
users
(4) Register units and individuals to whom information is provided. Provide
information according to the stipulations of article five.
(5) Establish a system for registering the users of electronic bulletin
board systems on the computer information network as well as a system for
managing bulletin board information.
(6) If a violation of articles four, five, six or seven is discovered than
an unaltered record of the violation should be kept and reported to the
local Public Security organization.
(7) According to the relevant State regulations, remove from the network and
address, directory or server which has content in violation of article five.
Section 11 The network user should fill out a user application form when
applying for network services. The format of this application form is
determined by Public Security.
Section 12 Connecting network units, entry point units, and corporations
that use computer information networks and the Internet and other
organizations (including connecting network units that are inter-provincial,
autonomous region, municipalities directly under the Central Government or
the branch organization of these units) should, within 30 days of the
opening of network connection, carry out the proper registration procedures
with a unit designated by the Public Security organization of the
provincial, autonomous region, or municipality directly under the Central
Government peoples' government.
The units mentioned above have the responsibility to report for the record
to the local public security organization information on the units and
individuals which have connections to the network. The units must also
report in a timely manner to Public Security organization any changes in the
information about units or individuals using the network.
Section 13 People who register public accounts should strengthen their
management of the account and establish an account registration system.
Accounts may not be lent or transferred.
Section 14 Whenever units involved in matters such as national affairs,
economic construction, building the national defense, and advanced science
and technology are registered, evidence of the approval of the chief
administrative section should be shown.
Appropriate measures should be taken to ensure the security and protection
of the computer information network and Internet network links of the units
mentioned above.
Chapter Three Security and Supervision
Section 15 The provincial, autonomous region or municipal Public Security
agency or bureau, as well as city and county Public Security organizations
should have appropriate organizations to ensure the security, protection and
management of the Internet.
Section 16 The Public Security organization computer management and
supervision organization should have information on the connecting network
units, entry point unit, and users, establish a filing system for this
information, maintain statistical information on these files and report to
higher level units as appropriate.
Section 17 The Public Security computer management and supervision
organization should have establish a system for ensuring the security,
protection and good management of the connecting network units, entry point
unit, and users. The Public Security organization should supervise and
inspect network security, protection and management and the implementation
of security measures.
Section 18 If the Public Security computer management and supervision
organization discovers an address, directory or server with content in
violation of section five, then the appropriate units should be notified to
close or delete it.
Section 19 The Public Security computer management and supervision
organization is responsible for pursuing and dealing with illegal computer
information network activities and criminal cases involving computer
information networks. Criminal activities in violation of sections four or
section seven should according to the relevant State regulations, be handed
over to the relevant department or to the legal system for appropriate
disposition.
Chapter Four Legal Responsibility
Section 20 For violations of law, administrative regulations or of section
five or section six of these regulations, the Public Security organization
gives a warning and if there income from illegal activities, confiscates the
illegal earnings.
For less serious offenses a fine not to exceed 5000 RMB to individuals and
15,000 RMB to work units may be assessed.
For more serious offenses computer and network access can be closed down for
six months, and if necessary Public Security can suggest that the business
operating license of the concerned unit or the cancellation of its network
registration. Management activities that constitute a threat to public order
can be punished according to provisions of the public security management
penalties articles. Where crimes have occurred, prosecutions for criminal
responsibility should be made.
Section 21 Where one of the activities listed below has occurred, the Public
Security organization should order that remedial action should be taken with
a specific period and give a warning; if there has been illegal income, the
income should be confiscated; if remedial action is not taken within the
specified period, then a fine of not more than 5000 RMB may be assessed
against the head of the unit and persons directly under the unit head and a
fine of not more than 15,000 RMB against the unit; in the case of more
offenses, the network and equipment can be closed for up to six months. In
serious cases Public Security may suggest that the business license of the
organization be canceled and its network registration canceled.
(1) Not setting up a secure system
(2) Not implementing security techniques and protection measures
(3) Not providing security education and training for network users
(4) Not providing information, materials or electronic documentation needed
for security, protection and management or providing false information
(5) For not inspecting the content of information transmitted on behalf of
someone else or not registering the unit or individual on whose behalf the
information was transmitted
(6) Not establishing a system for registering users and managing the
information of electronic bulletin boards.
(7) Not removing web addresses and directories or not closing servers
according to the relevant state regulations.
(8) Not establishing a system for registering users of public accounts
(9) Lending or transferring accounts
Section 22 Violation of section four or section seven of these regulations
shall be punished according to the relevant laws and regulations.
Section 23 Violations of section eleven or section twelve of these
regulations or not fulfilling the responsibility or registering users shall
be punished by a warning from Public Security or suspending network
operations for six months.
Chapter Five Additional Regulations
Section 24 These regulations should be consulted with regards to the
implementation of the security, protection and management of computer
information networks connecting to networks in the Hong Kong Special
Administrative Region as well as with networks in the Taiwan and Macao
districts.
Section 25 These regulations go into effect on the day of promulgation.
------------------------------
Date: Tue, 13 Jan 1998 10:17:06 -0800
From: <Rob.Slade@sprint.ca>
Subject: File 2--"Underground", Suelette Dreyfus
BKNDRGND.RVW 970723
"Underground", Suelette Dreyfus, 1997, 1-86330-595-5, A$19.95
%A Suelette Dreyfus
%C 35 Cotham Road, Kew 3101, Australia
%D 1997
%G 1-86330-595-5
%I Reed Books/Mandarin/Random House Australia
%O A$19.95 +61-2-9550-9207 fax: +61-2-9560-0334
%O debbie@iaccess.com.au
%P 475
%T "Underground"
This book is yet another gee-whiz look at teenage mutant wannabe-high-
tech-bandits. The stories revolve around a number of individuals with
loose links to one particular bulletin board in Melbourne, Australia,
all engaged in system intrusions and phone phreaking.
An immediate annoyance is the insistence of the author in referring to
system breaking as "hacking." ("Cracking" seems to be reserved for
breaking copy protection on games and other commercial software.) If
any actual hacking takes place--creative, or otherwise sophisticated,
use of the technology--it isn't apparent in the book. The
descriptions of activities are vague, but generally appear to be
simple "cookbook" uses of known security loopholes. This may not
accurately reflect the events as they transpired, since the author
also betrays no depth of technical knowledge, and seems to be willing
to accept boasting as fact. The bibliography is impressively long
until you realize that a number of the articles are never used or
referenced. At which point, you wonder how much material has even
been read.
The structure and organization of the book is abrupt and sometimes
difficult. Social or psychological observations are arbitrarily
plunked into the middle of descriptions of system exploration, and,
even though the paucity of dates makes it difficult to be sure, they
don't appear to be in any chronological sequence, either. Those who
have studied in the security field will recognize some names and even
"handles," but the conceit of using only handles for members of the
"underground" makes it difficult to know how much of the material to
trust.
Early chapters foreshadow dire events to overtake "Craig Bowen" and
Stuart Gill: Bowen never gets mentioned again, and Gill is only
mentioned twice, peripherally. (In combination with frequent
allusions to ignorance on the part of law enforcement agencies, one
might suspect that a kind of Australian version of "The Hacker
Crackdown" [cf. BKHKCRCK.RVW] was planned, but, if so, it didn't come
off.)
The book's attitude is also oddly inconsistent. In places, the
crackers and phreaks are lauded as brilliant, anti-establishment
heroes; but, by and large, they are portrayed as unsocialized,
paranoid, spineless non-entities, who have no life skills beyond a few
pieces of pseudo-technical knowledge used for playing vicious pranks.
So thorough is this characterization, that it comes as a total shock
to find, in the afterword, that not only do these people survive their
court convictions, but also become important contributing members of
society.
The author seems to feel quite free to point fingers in all
directions. The absurdity of giving "look-see" intruders larger
prison sentences than thieves or spies is pointed out, but not the
difficulty of legally proving intent. After repeatedly hinting at
police incompetence, brutality, and even corruption, the book ends
with a rather weak statement implying that the situation is getting
better. The common cracker assertion that if sysadmins don't want
intruders, then they should secure their systems better, is followed
up with no discussion of surveys showing only one full-time security
person per five thousand employees, and only passing mention, by one
of the ex-intruders, of the extreme difficulty in doing so. Poor
family situations are used so frequently to justify illegal activities
that one feels the need to point out that *most* products of "broken"
homes do *not* become obsessive, paranoid loner criminals!
It is interesting to see a book written about a non-US scene, and from
a non-American perspective. Technically and journalistically,
however, it has numerous problems.
copyright Robert M. Slade, 1997 BKNDRGND.RVW 970723
------------------------------
Date: Wed, 14 Jan 1998 08:16:02 -0600
From: "Rosebrock, Lester" <ROSEBROCK@UTHSCSA.EDU>
Subject: File 3--"MS Sucks...."
I take great offense when you sing the "virtues" of Microsoft because
they make a cheaper product.
How can the Windows platform be cheaper when the Federal government is
having to spend millions/billions of dollars to upgrade their computers
to overcome the year 2000 thing?
If cheaper is better, then why don't all of the restraunts close down so
that only McDonald's, Wendy's and Buger King remain. After all, they
sell a much cheaper product than a normal restraunt.
And since we're at it, let's get rid of Mercedes, BWM, and all other
luxury cars.
Yugo and the Ford Escort are two cars that have a very attractive price.
My point is, just because a product is cheaper it doesn't mean that it
is better.
Microsoft's products are medicore at best.
------------------------------
From: Dave++ Ljung <dxl@HPESDXL.FC.HP.COM>
Subject: File 4--Re: More on "Microsoft Evil?"
Date: Mon, 12 Jan 98 11:59:52 MST
|From--MRand33609 <MRand33609@aol.com>
|Subject--File 8--US vs Microsoft
|
|Is Microsoft Evil?
|
|Bill Gates the most productive man in the United States, is actually
|being persecuted for being productive
That's one heck of an opinion that I think many would disagree with.
| To me, this issue should not even be discussed between
|rational people.
I've never heard of such an issue. If both sides had points, I can't
imagine how it shouldn't be discussed.
Now, I can see some of your points, I myself am actually philosophically
close to your ideas, being *somewhat* of a laissez-faire capitalist myself.
However, I can see that you don't believe that there are such things as
unfair business practices, and you seem to think that anyone at the top
of a business *must* be providing the best products at the best prices.
To some it's easy to see that it's not the case with Microsoft, since
they are up to a *decade* behind in OS technology, yet a huge majority
of computers use their OS. But I don't really care whether you believe
this or not, I don't see a point in starting a religious war.
But I would like to bring forward the point of 'unfair business practices.'
The world of software and hardware has two features which are enormously
different than any other business.
1) The rate of change is incredible - approximately 2x improvement on
all fronts every 18 months (see Moore's law or history for that).
2) An incredible amount of inertia. It's much harder to change hardware
or software platforms when you decide to upgrade because your equipment
is obsolete (as compared to say, buying a Chevy after your Ford dies).
These factors create a situation ripe for a monopoly takeover. Whoever gets
in first can start acting in such a way to get a mojority of market share.
Then the market is stuck - and the company can act with only as much
competition as required to keep people from getting frustrated enough to
overcome point #2 above. If you look at history, this is exactly what has
happened - with Microsoft in the world of software and another company in
terms of hardware - which I don't need to mention since it's too close the
business I work in :)
I won't go into a list of the things that Microsoft has done to abuse
market share - just look into it's history and talk to some of the people
who are opposed to it. Just look at it's original licensing for DOS and
Windows. Is Bill Gates evil? I doubt that - he is; however, a very
intelligent man who knows how to get a market and take it over, and I
would argue that the possibility that Microsoft does NOT provide the best
products at the best price.
Don't take my word - look into the history - look into how Microsoft
deals with competitors, and maybe you'll start to understand why
anti-trust legislation exists. Unfortunately the monopoly is (imho)
the one example of how the market can't take care of itself unattended.
------------------------------
Date: Mon, 12 Jan 98 17:18:46 EST
From: Jonathan Olkowski <olkowski@babson.edu>
Subject: File 5--Contribution In response to "Is Microsoft Evil"
This laughable essay (US vs Microsoft - MRand33609@aol.com - CUD #10.02
Sun, Jan 11, 1998)
begs an obvious question: Do the Ends justify the Means?
Sure, Microsoft has definately made some major contributions to the
computing industry, albiet it can be argued that those contributions are
wholly self-serving in the end. But despite this, there are numerous
documented incidents where Microsoft overstepped its bounds and gained a
competitve advantage in an unethical and possibly illegal fashion. Yes,
we're all fully aware that Microsoft didn't create the trend, but we're
also not going to go jumping off bridges because everyone else is doing it
too.
I'll agree that Microsoft has been helpful in some ways to the computing
community but that is no justification for its actions. For all we know,
if Hitler had his way the world might have solved some of its problems -
but at what price?
Balancing methodology with results is a difficult ethical dilemna, but not
when it comes down to self-serving individuals trying to make a buck at the
expense of others. That is, unless the most important thing to you is
money...
------------------------------
Date: Mon, 12 Jan 1998 14:56:58 -0500 (EST)
From: Bob Bruen <bruen@genome.wi.mit.edu>
Subject: File 6--Review - Privacy on the Line. The Politics of Wiretapping...
Privacy on the Line. The Politics of Wiretapping and Encryption
by Whitfield Diffie and Susan Landau. MIT Press 1998. 342 pages.
Bibliography, index and endnotes. $25.00 ISBN 0-262-04167-7.
LoC KF9670.D54
=============================================================
Book Review. Copyright 1998 Robert Bruen.
=============================================================
The issue of encryption use by private citizens was pushed into
the public eye after Phil Zimmerman was placed under threat of
indictment resulting from the release of Pretty Good Privacy(PGP).
The indictment threat was withdrawn and the public stopped paying
much attention to it. It was replaced by the threat of the Computer
Decency Act (CDA) as the focus of attention. Now that threat has been
pushed back, so the focus seems to be somewhat diffused. The underlying
problem has not received the attention it deserves. These two events
(and a few others) are merely instances of the most serious threat
to the American way of life since the Civil War. The threat is to
our right to privacy in our communications with one another. The right
to privacy is not mentioned explicitly in the Constitution, but it
falls within the penumbra (shadow) of the rights that are explicit.
There has been a constant and continuing effort by various agencies
of the Federal Government, law enforcement and state governments to
chip away at this right. These efforts have been resisted by a number
of groups through legal challenges and media publicity. The battle is
raging, but it does not appear that most of the citizens in America
realize the extent of the consequences of this war. It is the difference
between a police state such as George Orwell envisioned in his novel 1984
(perhaps as demonstrated in East Germany and the former Soviet Union
without quite the high tech capability) and a free society as envisioned
by the framers of our Constitution.
The very future of our society is at stake, but in order to understand
just how serious the threat is, one must understand technical ideas
such as encryption, computing and networks. There are many good books
available on these topics, but they are not truly accessible to the
average citizen because the technical information is difficult and there
is not a connection to their everyday lives. Moreover the issues are
clouded by struggles over pornography and free speech.
The vacuum has been filled by Mr. Diffie and Professor Landau. He is
known as the inventor of public-key cryptography and she was primary
author of the 1994 Association of Computing Machinery report, "Codes,
Keys, and Conflicts: Issues in US Crypto Policy.'" There is no question
on their qualifications to speak on this issue.
This book is well researched with an extensive bibliography that includes
not only the expected books and articles, but also government reports, FBI
memos and Congressional testimony. This is straight-forward presentation
of just how much of a problem we all have. FBI director Louis Freeh will
not like this book, nor will the NSA, but anyone who is concerned about
their privacy and freedom will be grateful for the clear detailing of the
threat. This loss of our ability to have encrypted communication will be
an unrecoverable one. It would be the same as if the South had won the
Civil War and slavery was legal today. The major difference would be that
all of our citizens will be enslaved instead of just a particular group.
There is no other issue today that will have as much of an impact on our
future freedom as this one.
Using FBI memos, documents and testimony, the authors bring out the
fact that the FBI is willing to say just about anything to get a law
passed that makes the use of encryption by private citizens illegal.
The history of the NSA's dealings with other government agencies shows
how they have tried to control the debate and the rules concerning
encryption. These agencies have determined that encryption is of
major importance and I believe they are correct. Diffie and Landau
make this case in such a masterful manner, that you can not read the
book and not walk away with this conclusion. I think this is one of
the most important books published on privacy because it pulls together
all the relevant information in one very readable place.
The issues of cryptography, privacy, law enforcement, national security
and wiretapping are all brought together in an orderly, coherent work,
that is well written enough to be an enjoyable read that shows no signs
over-dramatization. But when you are done, the overall effect is powerful.
As an example, the value of wiretapping is often used a justification
to control the use of encryption. The authors use government reports
to demonstrate that the actual value is quite low, limited to a
few well publicized cases. In many cases the real tool was the use
of bugs, not wiretaps, which of course has little to do with encryption.
Wiretaps, new technology and the legal approach to encryption use control
are just the building blocks for the surveillance society of tomorrow.
One of the most important features of the book is the step by step
history of the attempts to pass laws by the NSA and the FBI. Quotes
are given by people like National Security Advisor Brent Scowcroft
in 1991 where he refers to an attempt "...to seek a legislative fix
to the digital telephony problem" and " Success with digital
telephony will lock in one major objective; we will have established
a beachhead we can exploit for the encryption fix..." This is
a clear indication that there is plan to eliminate our rights to
private communication.
I suggest that this book should be considered urgent reading and should
be widely circulated. It could be the one that wakes everybody up.
---------------------------------------------------------
Dr. Robert Bruen is the Director of Systems and Operations
at the Whitehead Institute/MIT Center for Genome Research.
He writes book reviews for Cipher, the Newsletter of the
IEEE Computer Society Technical Committee on Privacy and
Security, www.itd.nrl.navy.mil/ITD/5540/ieee/cipher.
------------------------------
Date: Thu, 08 Jan 1998 17:22:07 -0500
From: "Evian S. Sim" <evian@escape.com>
Subject: File 7--Another UNICEF/Mitnick story
Source - http://www.news.com/News/Item/0%2C4%2C17931%2C00.html?nd
UNICEF site hacked
By Courtney Macavinta
January 8, 1998, 12:20 p.m. PT
Unknown culprits invaded the home page of the United Nation's
Children Fund (UNICEF) last night, threatening a "holocaust" if
famed hacker Kevin Mitnick is not released from prison.
The hack is reminiscent of a break-in suffered by Yahoo last
month in which, for a few moments, hackers were able to post on
the site a similar message calling for Mitnick's release. Mitnick
is in a federal penitentiary for a series of high-tech crimes.
Those who cracked UNICEF's site intertwined a jargon-filled
message with the children's rights organization's information
about the starvation and exploitation of children around the
world. They also posted photographs of women in bathing suits.
The page was titled "Starvin' for Kevin."
"Drunkz Against Madd Mothers [DAMM] and UNICEF have formed a
coalition to put an end to the mistreatment of Kevin Mitnick,"
stated the translated note. "After all, Kevin is just a big kid,
and that's what UNICEF is all about, helping the children."
If Mitnick is not released by Groundhog Day (February 2), the
hackers said, 100 children per day would be eaten by 20 "starving
super-models." The threat is even more far-fetched than the
warning posted on Yahoo.
The culprits who broke into Yahoo said the site's recent visitors
had been infected with "logic bomb/worm" that would detonate on
Christmas Day, "wreaking havoc upon the entire planet's
networks." The bomb never went off--which was no surprise to
computer experts.
But the UNICEF site's security was compromised much longer than
that of Yahoo, as the nonprofit organization can't monitor its
site around the clock. Some Net users told NEWS.COM they stumbled
upon the hack last night. The organization said today that it
discovered the altered home page around 4 a.m., and fully
restored the site by 8:30 a.m. today.
<snip>
------------------------------
Date: Tue, 13 Jan 1998 12:37:39 -0800 (PST)
From: Mike Godwin (mnemonic) Tue 13 Jan 98 10:40
Subject: File 8--Eff announces Barry Steinhardt to BoD
eff.43: The EFF in the News
eff.43.115: Mike Godwin (mnemonic) Tue 13 Jan 98 10:40
For Immediate Release
EFF Announces Appointment of Barry Steinhardt as President and CEO, and
Election of Lori Fena as Chairman
SAN FRANCISCO, January 12, 1998 -- The Electronic Frontier Foundation (EFF)
today announced that its Board of Directors has appointed Barry Steinhardt
to President and Chief Executive Officer. Steinhardt is currently the
Associate Director of the American Civil Liberties Union. The appointment
was made at an EFF Board meeting held today in San Francisco.
He replaces Lori Fena, who has been elected Chairman of the Board of EFF.
Resigning Chairman Esther Dyson remains an active, enthusiastic member of
the Board.
"We are very pleased to appoint Barry Steinhardt as our new President," said
Esther Dyson, former Chairman of the EFF Board of Directors. "Steinhardt has
a wealth of experience with both our issues and the operation of non-profit
organizations."
"Barry's background is exactly what we were looking for," Dyson continued.
"We expect him to be able to help us continue to build EFF as a premier
organization that can take on the daunting challenge of defending and
defining civil liberties and structures to protect them in the electronic
world."
As Associate Director of the ACLU, Steinhardt formed and chaired its Cyber-
liberties Task Force, which coordinates the ACLU's extensive program on
information technology issues. He was a co-founder of the Global Internet
Liberty Campaign (GILC), the world's first international coalition of on-
line rights groups and one of the originators of the Internet Free
Expression Alliance (IFEA), which was recently formed to monitor issues
related to Internet content rating and filtering. Steinhardt has spoken and
written widely on cyber-liberties issues.
Most recently he was the co-author of "Fahrenheit 451.2 - Is Cyberspace
Burning?", the ACLU White paper on Internet content rating and blocking. He
is currently at work on the ACLU handbook on "The Rights of Persons
On-line."
In addition to his cyber-liberties work, Steinhardt has coordinated the ACLU
policy development process and efforts to strengthen structure and
management of the ACLU's 53 state affiliates. He has been with the ACLU for
17 years and previously served as Executive Director of its Pennsylvania and
Vermont affiliates.
"This is a tremendous opportunity for Barry, who has shown talent and
imagination in the cyber-liberties arena," said ACLU Executive Director Ira
Glasser. "It is also an opportunity for the ACLU to work even more closely
than we have with EFF on many issues where we share common goals and
values."
Steinhardt succeeds outgoing EFF Executive Director Lori Fena, who will
become Chairman of EFF's Board of Directors, and will resume her career in
private industry as a venture investment advisor and consultant.
"Lori Fena has done a superb job of building EFF over the past two years,"
Dyson said. "She demonstrated great vision in her stewardship of TRUSTe and
a host of other projects and is an excellent choice as incoming Chairman.
The Board of Directors is very grateful for her leadership and looks forward
to working with Lori in her new capacity," Dyson concluded.
- - more -
page 2
EFF appointment
Fena noted that EFF and ACLU have a long history of cooperative action that
has ranged from the successful challenge to the Communications Decency Act
in the 1997 Supreme Court decision in Reno v. ACLU, to ongoing efforts to
promote the privacy of communications through the use of strong encryption.
Most recently, the two organizations joined together to support
legislation to remove the restrictions on the use of encryption. They also
have cooperated in Bernstein v. Department of State, in which EFF is
challenging the constitutionality of the US Government's restrictions on the
export of encryption technology. Fena further noted that EFF and ACLU have
been regular coalition partners, including common membership in the GILC and
IFEA coalitions.
"Hiring Barry is a natural step for EFF," Fena said. "It will strengthen the
bond between two dedicated civil liberties organizations. We expect the two
groups to work together even more closely to leverage our respective
strengths to protect free speech and privacy in the information age."
Steinhardt said he is "grateful for the opportunity to play a leadership
role in the next phase of EFF's development."
"EFF was the pioneer defender of the rights of on-line users," he continued.
"With the explosive growth of the Internet and other information
technologies, the need for a strong and vibrant EFF is greater
than ever."
Steinhardt said that he expected to concentrate his efforts on expanding
EFF's membership and financial resources, maximizing EFF's already strong
public presence, organizing grassroots support for cyber rights, enlarging
EFF's role in the global movement for on-line rights and providing support
for EFF's pioneering work to adapt traditional concepts of civil liberties
for new mediums.
Steinhardt will formally assume his new role on February 2.
The Electronic Frontier Foundation (http://www.eff.org/) is a non-profit
civil liberties organization working in the public interest to promote
privacy, free expression, and social responsibility in new media.
For further information please contact:
Barry Steinhardt
barrys@aclu.org
(212)549-2508
Lori Fena
lori@eff.org
(415)436-9333
Esther Dyson
edyson@edventure.com
(212)924-8800
------------------------------
Date: Thu, 7 May 1997 22:51:01 CST
From: CuD Moderators <cudigest@sun.soci.niu.edu>
Subject: File 9--Cu Digest Header Info (unchanged since 7 May, 1997)
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.
CuD is available as a Usenet newsgroup: comp.society.cu-digest
Or, to subscribe, send post with this in the "Subject:: line:
SUBSCRIBE CU-DIGEST
Send the message to: cu-digest-request@weber.ucsd.edu
DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.
The editors may be contacted by voice (815-753-6436), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.
To UNSUB, send a one-line message: UNSUB CU-DIGEST
Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU
(NOTE: The address you unsub must correspond to your From: line)
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on internet);
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.
In ITALY: ZERO! BBS: +39-11-6507540
UNITED STATES: ftp.etext.org (206.252.8.100) in /pub/CuD/CuD
Web-accessible from: http://www.etext.org/CuD/CuD/
ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland)
ftp.warwick.ac.uk in pub/cud/ (United Kingdom)
The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
URL: http://www.soci.niu.edu/~cudigest/
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
------------------------------
End of Computer Underground Digest #10.04
************************************
