Phrack Inc. Volume 03 Issue 35 File 12
==Phrack Inc.==
Volume Three, Issue Thirty-five, File 12 of 13
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
PWN                                             PWN
PWN              Phrack World News              PWN
PWN                                             PWN
PWN           Issue XXXV / Part Three           PWN
PWN                                             PWN
PWN            Compiled by Dispater             PWN
PWN                                             PWN
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
Prodigy Stumbles as a Forum...Again
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by Mike Godwin (Electronic Frontier Foundation)
On some days, Prodigy representatives tell us they're running "the Disney
Channel of online services." On other days the service is touted as a forum
for "the free expression of ideas." But management has missed the conflict
between these two missions. And it is just this unperceived conflict that has
led the B'nai B'rith's Anti-Defamation League to launch a protest against the
online service.
On one level, the controversy stems from Prodigy's decision to censor
messages responding to claims that, among other things, the Holocaust never
took place. These messages--which included such statements as "Hitler had some
valid points" and that "wherever Jews exercise influence and power, misery,
warfare and economic exploitation ... follow"--were the sort likely to stir up
indignant responses among Jews and non-Jews alike. But some Prodigy members
have complained to the ADL that when they tried to respond to both the overt
content of these messages and their implicit anti-Semitism, their responses
were rejected by Prodigy's staff of censors.
The rationale for the censorship? Prodigy has a policy of barring
messages directed at other members, but allows messages that condemn a group.
The result of this policy, mechanically applied, is that one member can post a
message saying that "pogroms, 'persecutions,' and the mythical holocaust" are
things that Jews "so very richly deserve" (this was an actual message). But
another member might be barred from posting something like "Member A's comments are
viciously anti-Semitic." It is no wonder that the Anti-Defamation League is
upset at what looks very much like unequal treatment.
But the problem exposed by this controversy is broader than simply a badly
crafted policy. The problem is that Prodigy, while insisting on its Disney
Channel metaphor, also gives lip service to the notion of a public forum.
Henry Heilbrunn, a senior vice president of Prodigy, refers in the Wall Street
Journal to the service's "policy of free expression," while Bruce Thurlby,
Prodigy's manager of editorial business and operations, invokes in a letter to
ADL "the right of individuals to express opinions that are contrary to personal
standards or individual beliefs."
Yet it is impossible for any free-expression policy to explain both the
allowing of those anti-Semitic postings and the barring of responses to those
postings from outraged and offended members. Historically, this country has
embraced the principle that the best cure for offensive or disturbing speech is
more speech. No regime of censorship--even of the most neutral and well-
meaning kind--can avoid the kind of result that appears in this case: some
people get to speak while others get no chance to reply. So long as a board of
censors is in place, Prodigy is no public forum.
Thus, the service is left in a double bind. If Prodigy really means to be
taken as a computer-network version of "the Disney Channel"--with all the
content control that this metaphor implies--then it's taking responsibility for
(and, to some members, even seeming to endorse) the anti-Semitic messages that
were posted. On the other hand, if Prodigy really regards itself as a forum
for free expression, it has no business refusing to allow members to respond to
what they saw as lies, distortions, and hate. A true free-speech forum would
allow not only the original messages but also the responses to them.
So, what's the fix for Prodigy? The answer may lie in replacing the
service's censors with a system of "conference hosts" of the sort one sees on
CompuServe or on the WELL. As WELL manager Cliff Figallo conceives of his
service, the management is like an apartment manager who normally allows
tenants to do what they want, but who steps in if they do something
outrageously disruptive. Hosts on the WELL normally steer discussions rather
than censoring them, and merely offensive speech is almost never censored.
But even if Prodigy doesn't adopt a "conference host" system, it
ultimately will satisfy its members better if it does allow a true forum for
free expression. And the service may be moving in that direction already:
Heilbrunn is quoted in the Wall Street Journal as saying that Prodigy has been
loosening its content restrictions over the past month. Good news, but not
good enough--merely easing some content restrictions is likely to be no more
successful at solving Prodigy's problems than Gorbachev's easing market
restrictions was at solving the Soviet Union's problems. The best solution is
to allow what Oliver Wendell Holmes called "the marketplace of ideas" to
flourish--to get out of the censorship business.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Computer Network to Ban 'Repugnant' Comments
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From Washington Post
Prodigy has been charged with allowing "antisemitic slurs" to run on its
network. Prodigy officials said they would *not* censor discussion of
controversial subjects, such as the one that has been raging over the net for
several months -- whether the Holocaust was a hoax.
The controversial message that was labeled "repugnant" included the
statements: "Hitler had some valid points...", and "...whenever Jews exercise
influence and power, misery, warfare and economic exploitation [are the
result]". There were six other messages that the Anti-Defamation League of
B'nai B'rith is complaining about. The Hitler message was not available to
all subscribers; it was just personal mail between users. The person who
received the mail brought it to the ADL's attention.
Civil liberties groups have compared computer networks to telephone
companies, which do not censor calls. However, Prodigy officials object to
that analogy, saying it is more like a newspaper, and that Prodigy must judge
what is acceptable and what is not, much as a newspaper editor must.
Prodigy officials take the position of, and I quote, "we were speaking in
broader terms ... we were focused on the broad issue of free expression".
_______________________________________________________________________________
More on Procter & Gamble                                        August 15, 1991
~~~~~~~~~~~~~~~~~~~~~~~
by Randall Rothenberg (New York Times)
Further Reading: Phrack Inc., Issue 33, File 12, "Proctor & Gamble"
Law-enforcement officials in Ohio have searched the records of every
telephone user in southwestern Ohio to determine who, if anyone, called a Wall
Street Journal reporter to provide information that Procter & Gamble said was
confidential and protected by state law.
The investigation goes far beyond examining the telephone records of
current and former employees of the giant consumer products company, an inquiry
the Hamilton County prosecutor's office confirmed on Monday. The Journal
reported the scope of the investigation Thursday.
The prosecutor, Arthur Ney Jr., acting on a complaint by Procter & Gamble,
ordered Cincinnati Bell to turn over all the telephone numbers from which
people called the home or office of the reporter, Alecia Swasy, from March 1 to
June 15.
The situation began sometime before June 17 when Procter & Gamble, which
makes Tide detergent, Crest toothpaste and other familiar supermarket products,
asked the Cincinnati police to determine whether current or former employees
were leaking confidential corporate information to The Wall Street Journal.
On Monday the newspaper reported that the company had been bothered by two
news articles published on June 10 and June 11 written by Ms. Swasy, a reporter
based in Pittsburgh who covers Procter & Gamble. The articles cited
unidentified sources saying that a senior executive was under pressure to
resign from the company, and that it might sell some unprofitable divisions.
But a spokeswoman for Procter and Gamble, Sydney McHugh, said Thursday
that the company "had been observing a disturbing pattern of leaks" since the
beginning of the year. She refused to elaborate, but said the decision to
pursue legal action was reviewed at several levels in the company and was made
by Jim Jessee, a corporate security officer.
Two Ohio statutes protect against the unauthorized disclosure of trade secrets.
One makes it a felony to transmit formulas, customer lists or other tangible
pieces of information that would be valuable to a company and its competitors.
But another, broader law makes it a misdemeanor to disclose "any confidential
matter or information" without the company's consent.
The Cincinnati police approached the Hamilton County prosecutor's office,
which sought and received from a grand jury a subpoena for telephone records.
A copy of the subpoena, dated June 17, was given to The New York Times by
someone involved in the case who insisted on anonymity. The subpoena ordered
Cincinnati Bell to "identify all (513) area code numbers that have dialed" Ms.
Swasy's home or office telephones in Pittsburgh during an eight-week period
that started on March 1.
Cincinnati Bell serves 655,297 telephone numbers in the 513 area code, in
an area covering 1,156 square miles, said Cyndy Cantoni, a spokeswoman for the
company. In the company's entire jurisdiction, which also covers parts of
Kentucky and Pennsylvania, about 13 million toll calls are placed in an average
month, she said.
Ms. Cantoni said she could not comment on what Cincinnati Bell turned over
to the authorities, but said the company routinely complied with subpoenas.
Under normal procedure, the company's computers would have automatically
searched its customer list and printed out only the originating numbers, and
not the names or addresses, of calls to Ms. Swasy's numbers, Ms. Cantoni said.
The Wall Street Journal, which is published by Dow Jones & Co., reported
on Monday that neither Ms. Swasy nor executives at the Journal were informed of
the subpoena by the authorities.
Neither Terry Gaines, a first assistant prosecutor, nor Ed Ammann, a
police department colonel involved with the investigation, returned repeated
calls to their offices.
Alan F. Westin of Columbia University, an authority on technology and
privacy issues, said the legality of the Ohio authorities' search for the
Procter & Gamble whistleblower may depend on how the investigation was pursued.
If Procter & Gamble turned over the names and phone numbers of present and
former employees to the police and the police matched that list against the
numbers they were given by the telephone company, the rights of other,
uninvolved parties may not have been violated, Westin said. But if the police
learned the names of people unaffiliated with Procter & Gamble who called the
Journal's reporter, he said, or if they turned over a list of numbers to
Procter & Gamble for research, some Ohio residents' Fourth Amendment
protections may have been sullied.
"When technology allows you to run millions of calls involving 650,000
telephone subscribers through a computer in order to identify who called a
person, potentially to find out whether a crime was committed, you raise the
question of whether technological capacity has gone over the line in terms of
what is a reasonable search and seizure," Westin said.
_______________________________________________________________________________
Expert Fraud Shares Tricks of His Trade                         October 7, 1991
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by Bob Reilly (New York Times)
PHOENIX -- A freelance writer didn't think the $333 that Forbes magazine
paid him for a one-page article was enough money so he used his personal
computer to duplicate the check in the amount of $30,000. And, the check
cleared.
A handyman fixes a bedroom window and gets paid by check. The handyman
copies down the homeowner's bank account number, name, address and check number
sequences and sends $4.95 to a company that prints fancy colored checks. The
handyman masters the homeowner's signature and then proceeds to cash the checks
after they arrive.
American Express and Mastercard traveler's checks are duplicated on a
colored photostat machine and spent in hotels and restaurants.
A man rents a banquet room in a hotel for $800 and gets the bill in the
mail a few days later. The man sends in a check for $400 with the notation
"paid in full" written in the lower left-hand corner. The hotel cashes the
check and sends a notice to the man saying $400 is still owed. The man refuses
to pay the $400 and wins in court because the law says by cashing the check the
hotel conceded the debt was paid.
White-collar crime amounts to more than $50 billion a year, said Frank
Abagnale, who cited the examples at a business-sponsored seminar in the Phoenix
Civic Center. By contrast, bank robbers, who get most of the media attention,
abscond with a paltry $450 million, he said.
Abagnale is said to have conducted scams and frauds in 26 nations. Known
as "The Imposter," he now advises government and industry. He says he served
six years in jail in France, Sweden and the U.S. for his crimes, which included
writing bad checks for more than $2.5 million.
"As technology improves, so does the ability to commit fraud," said
Abagnale.
He claims that at 16 he impersonated an airline pilot, at 18 was a chief
resident pediatrician in a Georgia hospital, at 19 passed the Louisiana state
bar exam and served as an assistant attorney general for the state.
Abagnale also claims he never flew an airplane or treated a patient but
along the way used false names to get jobs and pass bad checks. He claims he
even got a job at age 20 teaching sociology at Brigham Young University,
beating out three Ph.D.s for the job.
"I was always just one chapter ahead of the class," he said. Demeanor,
style, confidence, clothes and the overt display of wealth also help the con
man, Abagnale said.
Abagnale claimed he got one teller to cash a napkin because he drove up to
the bank in a chauffeur-driven Rolls Royce and entered wearing a $600 suit and
all the confidence of a billionaire. The feat was recorded for television by
CBS, he said.
Another time he supposedly put the numbers of the bank account he was
using on a bunch of deposit slips, placed the deposit slips in a bank for
public use, and in one day alone more than $40,000 was deposited into his
account by unsuspecting customers who picked up his slips because they had
either run out of their own or hadn't yet got their own deposit slips.
Abagnale asserted that there are several ways to discourage fraud,
including:
     -- Use checks that are impossible to duplicate on a home computer.
     -- Don't cash checks that don't have at least one rough edge.
     -- Scan traveler's checks by looking for impossible-to-reproduce
        pictures or symbols that can only be seen at eye level or by
        wetting the back, left-hand side of an American Express traveler's
        check, which will smudge if it is authentic.
Abagnale is known as the author of a book called "Catch Me If You Can."
"I always knew I would eventually get caught," he said. "Only a fool
believes he won't. The law sometimes sleeps, but it never dies."
Abagnale claimed he started a life of crime when his parents divorced and
he was forced to choose between living with his mother or father. He said he
couldn't make the choice and ran away.
_______________________________________________________________________________
Dumb Jocks Learn First Lesson of Phreaking                     October 17, 1991
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From Associated Press
Four current Ball State University basketball players have admitted to
investigators that they charged a total of $820.90 in unauthorized long
distance calls. School officials announced the preliminary findings in the
first phase of their report to the NCAA. What the investigators found, in
regards to the unauthorized calls, was the following information:
     Person             Yr   Calls  Cost
     ~~~~~~~~~~~~~~~~~  ~~~  ~~~~~  ~~~~~~~
     Jeermal Sylvester  Sop  255    $769.93
     Chandler Thompson  Sen   28    $ 45.14
     Michael Spicer     Sen    3    $  4.43
     Keith Stalling     Sen    1    $  1.40
Investigators reported three of the men said former players had provided
the long distance credit card numbers or authorization codes on which the calls
were made. The fourth player, Keith Stalling, could not explain how his call
had been charged to the university. Head basketball coach Dick Hunsaker
reiterated that neither he nor the coaching staff had made available the
numbers that were assigned to the coaches.
"When this problem was first discovered back in August, it came as a shock
to me," Hunsaker said. "I'm disappointed with the judgement of the players
involved, but I'm glad we're getting to the bottom of it quickly and clearing
it up before the season starts."
"Our attention now will focus on former players and other people not
connected with the basketball program who might have used the same credit cards
and access numbers," said the university's auditor. The investigation that
began in August was conducted by Ball State University's auditor and
Department of Public Safety. The investigation started one week after a
routine review of telephone records by athletic department officials. At the
time, investigators said the total cost of the unauthorized calls was in the
thousands of dollars.
_______________________________________________________________________________
Silicon Government in California                               October 28, 1991
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From UPI Sacramento
California unveiled an easy-to-use computer system Wednesday that is
designed to tell people about such topics as statewide job openings, where
parents can find child care and how to re-register a car.
Officials described the experimental "Info/California" program as an
information-dispensing version of an automatic teller machine at a bank. It
will operate in Sacramento and San Diego as a pilot project for the next nine
months.
Users will obtain free information on a variety of state services as they
touch the television-like computer screen to evoke an on-screen narration and
color graphics in English, Spanish and potentially other languages.
"It literally puts state government at our fingertips," a computerized
image of Gov. Pete Wilson said at a Capitol news conference.
Secretary Russell Gould of the Health and Welfare Agency said the system
may be especially useful to announce job openings as the economy rebounds from
the recession. Job-seekers will need a fourth-grade literacy level to use the
machine, which will refer them to Employment Development Department offices for
follow-up.
Director Frank Zolin of the Department of Motor Vehicles said the system
will benefit 20 million drivers who want vehicle registration renewals, vanity
license plate orders and faster service.
John Poland, Central California manager for IBM -- the state's partner in
the project -- said that besides telling the public about job opportunities, it
will allow Californians to order birth certificates and get information about
education, transportation, health and welfare at more than one site.
During the nine-month trial, people will use the system at 15 kiosks in
Sacramento and San Diego that will be similar to, and eventually integrated
with, local system kiosks such as those in the courts in Los Angeles and Long
Beach, and for community services in San Diego and Tulare counties.
Info/California was authorized under 1988 legislation. It is based on an
experimental touchscreen network in Hawaii that 30,260 people used over a six-
month period.
The state spent about $300,000 on the project, and IBM invested about $3
million to develop the technology. By performing functions now done by humans,
the system may ultimately replace some state workers and produce cost savings
for taxpayers.
"We're working smart here," Gould said. "This may diminish some of the
need for new state workers."
_______________________________________________________________________________
Digital Tapes Deal Endorsed by Music Industry                  October 30, 1991
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From (Congressional Monitor)
Record industry executives joined with retailers and consumer groups in
endorsing legislation (S 1623) that would pave the way for widescale
introduction of digital audio tapes into the U.S. marketplace.
For the first time, consumers would be allowed to legally make copies of
prerecordings for home use.
The agreement would allow artists, songwriters, and record companies to
collect royalty fees on the sale of blank tapes and digital audio recorders.
In addition, an electronics chip will be placed in the recorders to
prevent anything other than the original recording from being copied.
In testimony before the Senate Judiciary Committee's Subcommittee on
Patents, Copyrights, and Trademarks, pop star Debbie Gibson said that many
artists had been concerned that digital copying could spell the end of a
profitable music industry.
Unlike conventional tapes, digital audio recorders allow consumers to make
a perfect copy of a prerecording. The record industry says it already loses $1
billion a year in sales due to illegal copying. And, the industry says,
unchecked digital technology would dramatically increase that figure.
Electronics manufacturers and retailers won the assurance that they will
not be sued for copyright infringement due to the sale of blank tapes or
recorders.
_______________________________________________________________________________
Computer Cryptography: A Cure For The Common Code
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Anyone can sign a postcard, but how do you sign a piece of electronic
mail? Without a "signature" to demonstrate that, say, an electronic transfer
of funds really comes from someone authorized to make the transfer, progress
towards all-electronic commerce is stymied. Ways of producing such signatures
are available, thanks to the technology of public-key cryptography. They will
not work to everyone's best advantage, though, until everyone uses the same
public-key system.
It is an obvious opportunity for standards-makers -- but in America they
have turned up their noses at all the variations on the theme currently in use.
The alternative standard for digital signatures now offered by America's
National Institute of Standards and Technology (NIST) has brought a long-
simmering controversy back to the boil.
Public-key cryptography could become one of the most common technologies
of the information age, underpinning all sorts of routine transactions. Not
only does it promise to provide the digital equivalent of a signature, it could
also give users an electronic envelope to keep private messages from prying
eyes. The idea is to create codes that have two related keys. In conventional
cryptography the sender and receiver share a single secret key; the sender uses
it to encode the message, the receiver to decode it.
In public-key techniques, each person has a pair of keys: a disclosed
public key and a secret private key. Messages encoded with the private key can
only be decoded with the corresponding public key, and vice versa. The public
keys are published like telephone numbers. The private keys are secret. With
this technology, digital signatures are simple. Encode your message, or just
the name you sign it with, using your private key. If the recipient can decode
the message with your public key, he can be confident it came from you.
Sending a confidential message -- putting electronic mail in a tamper-proof
envelope -- is equally straightforward.
To send a secret to Alice, encode it with her public key. Only Alice (or
someone else who knows her private key) will be able to decode the message.
The heart of any system of public-key cryptography is a mathematical function
which takes in a message and a key, and puts out a code. This function must be
fairly quick and easy to use, so that putting things into code does not take
forever. It must be very hard to undo, so that getting things out of code does
take forever, unless the decoder has the decoding key. Obviously, there must
be no easy way to deduce the private key from the public key. Finding
functions that meet these criteria is "a combination of mathematics and
muddle," according to Roger Needham of the Cambridge Computer Laboratory.
The greatest successes to arise from the muddle so far are those using
functions called prime factorisation algorithms. They are based on the
mathematical insight that, while it is easy to multiply two numbers together,
it is very hard to work backwards to find the particular two numbers which were
multiplied together to produce some given number. If Alice chooses two large
prime numbers as her private key and publishes their 150-digit product as her
public key, it would probably take a code-breaker thousands of years to work
backwards to calculate her private keys.
A variety of schemes have been worked out which use this insight as the
basis for a workable public-key code. Most popular of these is the so-called
RSA algorithm, named after the three MIT professors who created it -- Ronald
Rivest, Adi Shamir and Len Adleman. It has been patented and is sold by a
Silicon Valley company, called RSA, that employs 15 people, most of them ex-MIT
graduate students. Faculty firms are to computer start-ups what family firms
were to the industrial revolution. RSA has attracted both academic praise and
a range of heavyweight commercial customers: Microsoft, Sun Microsystems,
Digital Equipment and Lotus Development. But, despite repeated applications, it
has never been endorsed by those in government. Rumors abound that the
codebreakers in the National Security Agency have discouraged standard-setters
from recommending RSA because they do not want to promote the use of codes they
cannot break. RSA, for obvious reasons, does not discourage the rumors.
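The key-pair mechanics described above, as an added worked example (not part of the original article): textbook RSA used both as a signature and as an "envelope", followed by a demonstration that a product this small can be factored at once, which is why the article speaks of 150-digit products. The primes, messages and function names are constructed for illustration; deployed RSA also applies a padding scheme, which this sketch omits.

```python
# Added illustration: textbook RSA with deliberately tiny primes.
# Every key and message here is constructed for the example.
import hashlib
from math import gcd, isqrt


def make_keypair(p: int, q: int, e: int = 65537):
    """Return ((n, e), (n, d)): the published key and the secret key."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (n, e), (n, pow(e, -1, phi))


def digest_int(message: bytes, n: int) -> int:
    """Hash the message and reduce the digest below the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private) -> int:
    """'Encode' the message digest with the private key."""
    n, d = private
    return pow(digest_int(message, n), d, n)


def verify(message: bytes, signature: int, public) -> bool:
    """'Decode' with the public key and compare against a fresh digest."""
    n, e = public
    return pow(signature, e, n) == digest_int(message, n)


def encrypt(plaintext: bytes, public) -> int:
    """Seal a short message so only the private-key holder can read it."""
    n, e = public
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("plaintext too long for this toy modulus")
    return pow(m, e, n)


def decrypt(ciphertext: int, private) -> bytes:
    n, d = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def recover_private(public):
    """Factor n by trial division and rebuild the private key from (n, e)."""
    n, e = public
    for f in range(3, isqrt(n) + 1, 2):
        if n % f == 0:
            return n, pow(e, -1, (f - 1) * (n // f - 1))
    raise ValueError("no odd factor found")


# Alice's toy key: two well-known Mersenne primes, giving a 16-digit product.
ALICE_PUBLIC, ALICE_PRIVATE = make_keypair(2**19 - 1, 2**31 - 1)

if __name__ == "__main__":
    note = b"pay Bob 100"
    sig = sign(note, ALICE_PRIVATE)
    print("signature verifies:", verify(note, sig, ALICE_PUBLIC))
    print("altered note verifies:", verify(b"pay Bob 900", sig, ALICE_PUBLIC))
    sealed = encrypt(b"PWN35", ALICE_PUBLIC)
    print("opened envelope:", decrypt(sealed, ALICE_PRIVATE))
    print("key rebuilt from n:", recover_private(ALICE_PUBLIC) == ALICE_PRIVATE)
```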
Whatever the reason, the standard-setters at the NIST have sidestepped the
debate over RSA with their new algorithm, DSA. As set out in the standard, DSA
verifies the identity of the sender, but does not encrypt the message. It
appends to the message a number calculated from the message and the sender's
private key. The recipient can then use this number, the message and the
sender's public key to verify that the message is what it seems.
The NIST says that this technique is well suited to "smart cards" and
other applications where there is not a lot of computing power available for
working out codes. Because it hopes that DSA will be used for verifying the
identity of everyone from welfare recipients to military contractors, its
flexibility is a boon. Meanwhile, however, more and more companies are
choosing a public-key cryptography system for communicating confidentially --
often RSA, sometimes something different. Someday, probably soon, governments
will want to choose, too. Watch out for fireworks when they do.
_______________________________________________________________________________
SWBT Sends Off First "Cross-Country" ISDN Call
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From Southwestern Bell Telephone
The nation's first "cross-country" public network ISDN call was placed last
week, courtesy of SWBT. The historic first call was the result of a two-year
joint effort among SWBT, BellSouth Corp., US Sprint and Bellcore. SWBT's
Advanced Technology Lab originated the call, which used US Sprint's digital
facilities in Burlingame, Calif. The call terminated at a BellSouth switch
in Atlanta, Ga.
Using an ISDN video application, SWBT's trial director Ken Goodgold was
able to see and talk to BellSouth's David Collins. "With this test, the
geographic limits of ISDN-based services were stretched from a few miles to
cross-country," Goodgold says. "We began with protocol testing and service
verification, two key parts of the process," Goodgold says. "That required an
extremely complex series of technical tests. The Advanced Technology Lab staff
worked for months performing the tests leading up to the first successful
call."
Last week's test call was significant from a marketing perspective as well
as a technical one. That's because it demonstrated the economic benefits of
using ISDN for video information. "The cost of a long distance call is
approximately the same, whether it's a voice transmission using a regular phone
line or a video transmission using ISDN," Goodgold says. "That means a big
reduction in cost to arrange a videoconference." US Sprint joined the test
because ISDN has evolved beyond the local stage, says Terry Kero, the carrier's
director of InfoCom Systems Development Labs. "After today, it will be
technically possible to make an ISDN call across the country just as it is
possible today to make a regular long distance call," Kero says.
_______________________________________________________________________________