Copy Link
Add to Bookmark
Report
Chaos Digest Volume 01 Numero 03
Chaos Digest Lundi 18 Janvier 1993 Volume 1 : Numero 3
Editeur: Jean-Bernard Condat (jbcondat@attmail.com)
Archiviste: Yves-Marie Crabbe
Co-Redacteurs: Arnaud Bigare, Stephane Briere
TABLE DES MATIERES, #1.03 (18 Janv 1993)
File 1--InterNet, Presentation de base
File 2--Reference CCCF dans la banque de donnees des associations
File 3--Pirates du Minitel travaillant chez France Telecom
File 4--NUAs de serveurs Europeens
File 5--Phreacking reconnu par la DG de France Telecom
File 6--OCDE, Directives pour la securite des systemes d'information
Chaos Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from jbcondat@attmail.com. The editors may be contacted
by
voice (+33 1 40101775), fax (+33 1 40101764) or S-mail at: Jean-Bernard
Condat,
Chaos Computer Club France [CCCF], 47 rue des Rosiers, 93400 St-Ouen, France
Issues of Chaos-D can also be found on some French BBS. Back issues also may
be
obtained from the mail server at jbcondat@attmail.com: all incoming messages
containing "Request: ChaosD #x.yy" in the "Suject:" field are answered (x is
the volume and yy the issue).
CHAOS DIGEST is an open forum dedicated to sharing French information among
computerists and to the presentation and debate of diverse views. ChaosD
material may be reprinted for non-profit as long as the source is cited. Some
authors do copyright their material, and they should be contacted for reprint
permission. Readers are encouraged to submit reasoned articles in French,
English or German languages relating to computer culture and telecommunica-
tions. Articles are preferred to short responses. Please avoid quoting
previous posts unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Chaos Digest contributors
assume all responsibility for ensuring that articles
submitted do not violate copyright protections.
----------------------------------------------------------------------
Date: Fri Nov 20 14:25:16 CDT 1992
From: NPRESTON@SUVM.ACS.SYR.EDU (Nancy Preston )
Subject: File 1--InterNet, Presentation de base
Copyright: "ERIC Digests are in the public domain and may be freely
reproduced and disseminated".
ERIC DIGEST ERIC Clearinghouse on Information Resources
EDO-IR-92-7
Syracuse University September 1992
Syracuse, New York 13244-2340
Phone: (315) 443-3640
Fax: (315) 443-5448
Internet: ERIC@SUVM.ACS.SYR.EDU
INTERNET BASICS
By Roy Tennant
This digest briefly describes the Internet computer network, the
physical connections and logical agreements that make it possible,
and the applications and information resources the network provides.
The Internet
The Internet is a worldwide network of computer networks. It is
comprised of thousands of separately administered networks of many
sizes and types. Each of these networks is comprised of as many as
tens of thousands of computers; the total number of individual users
of the Internet is in the millions. This high level of connectivity
fosters an unparalleled degree of communication, collaboration,
resource sharing, and information access. In the United States, the
National Science Foundation Network (NSFNet) comprises the Internet
"backbone" (a very high speed network that connects key regions
across the country). The NSFNet will likely evolve into the National
Research and Education Network (NREN) as defined in the High-
Performance Computing Act of 1991 (P.L. 102-194, signed into law by
President Bush on December 9, 1991).
Physical Connections and Logical Agreements
For the Internet to exist, there must be connections between
computers and agreements on how they are to communicate. Connections
can consist of any of a variety of communication media or methods:
metal wires, microwave links, packet radio or fiber optic cables.
These connections are usually established within areas or regions by
the particular networking organization with authority or economic
interest in that area. For example, a university academic department
may lay Ethernet cable to connect its personal computers and
workstations into a local area network (LAN), which is then connected
to the cables the campus laid to connect its buildings together,
which is then linked to cables laid by a regional network, which
itself ties into the NSFNet backbone, the infrastructure for which
was funded by the U.S. government. Therefore the path between any two
points on the Internet often traverses physical connections that are
administered by a variety of independent authorities.
For disparate computers (from personal computers to mainframes) to
communicate with other computers over a network, there must be
agreements on how that should occur. These agreements are called
communication protocols. At present, the Transmission Control Protocol/
Internet Protocol (TCP/IP) suite of protocols defines how
Internet computers are to communicate. In the future, the Open
Systems Interconnection (OSI) suite of protocols promulgated by the
International Standards Organization (ISO) may be supported on the
Internet as well. These protocols define how certain applications are
to be accomplished: electronic messaging, online connections, and
the transfer of files.
Electronic Mail
Electronic mail, or e-mail, is a fast, easy, and inexpensive way to
communicate with other Internet users around the world. In addition,
it is possible for Internet users to exchange e-mail with users of
other independent networks such as CompuServe, Applelink, the WELL,
and others. Internet users often find that the expanded capability to
communicate with colleagues around the world leads to important new
sources of information, collaboration, and professional development.
Besides basic correspondence between two network users, e-mail
presents additional opportunities for communication. Through various
methods for distributing e-mail messages to lists of "subscribers,"
e-mail supports electronic discussions on a wide range of topics.
These discussions bring together like-minded individuals who use such
forums for discussing common problems, sharing solutions, and arguing
issues.
Another type of electronic communication that is growing in
popularity is the electronic journal, or "e-journal." Although some
e-journals require certain types of software and hardware to display
each issue, most e-journals are distributed to a list of subscribers
as an e-mail text message, either complete as one issue, or
retrievable at the article level by mailing a command to a software
program that automatically sends the appropriate file. The very
definition of a "journal" is undergoing change in the electronic
environment, as e-journal publishers experiment with different
publication models (e.g., sending articles out individually as soon
as they are ready rather than waiting until a group of articles are
gathered for an "issue").
Remote Login
Remote login is the ability of a computer user in one location to
establish an online connection with another computer elsewhere. Once
a connection is established with a remote computer, the user can use
that remote system as if their computer were a hard-wired terminal of
that system. Within the TCP/IP protocol suite, this facility is
called Telnet. Utilizing Telnet, an Internet user can establish
connections with a multitude of bibliographic databases (primarily
library catalogs), campus information systems of various
universities, full-text databases, data files (e.g., statistics,
oceanographic data, meteorologic data, geographic data, etc.), and
other online services. Many of these systems are available for any
Internet user to access and use without an account.
What makes this application truly remarkable is that ease and speed
of access are not dependent upon proximity. An Internet user can
connect to a system on the other side of the globe as easily as (and
generally not much slower than) he or she can connect to a system in
the next building. In addition, since many Internet users are not at
present charged for their network use by their institutions, or at
least are not charged by the level of their use, cost is often not a
significant inhibitor of usage. Therefore the barriers of distance,
time and cost, which are often significant when using other forms of
electronic communication, can be reduced in the Internet environment.
A compensating disadvantage is that initial costs for Internet
connection can be high, and access can be technically demanding.
File Transfer
Another application of the Internet is the ability to transfer files
from one Internet-connected computer to another. This function is
provided by the File Transfer Protocol (FTP) of the TCP/IP protocol
suite. In a method similar to using Telnet, network users initiate an
online connection with another Internet computer via FTP. But unlike
Telnet, this online connection can perform only functions related to
locating and transferring files. This includes the ability to change
directories, list files, retrieve files, etc.
Types of files that can be transferred using FTP include virtually
every kind of file that can be stored on a computer: text files,
software programs, graphic images, sounds, files formatted for
particular software programs (e.g., files with word processing
formatting instructions), and others. Many computer administrators
have set aside portions of their machines to offer files for anyone
on the Internet to retrieve. These archive sites support "anonymous"
logins that do not require an account to access, and therefore are
called anonymous FTP sites. To locate files, Internet users can use
the Archie service, which indexes files from over 900 separate
anonymous FTP sites (Tennant, 1993).
Extended Services
The three basic Internet applications of electronic mail, remote
login, and file transfer are also building blocks of more
sophisticated applications that usually offer increased functionality
and ease of network use. Tools such as Gopher, WAIS, and World Wide
Web go beyond the three basic Internet functions to make information
on the network easier to locate and use. Gopher is a project of the
University of Minnesota that uses a series of menus to organize and
automate access to information and other online systems wherever they
reside on the Internet. The Wide Area Information Servers (WAIS)
project of Thinking Machines, Apple Computer, Dow Jones & Co., and
KPMG Peat Marwick, seeks to provide a common interface to a multitude
of Internet databases. World Wide Web is a hypertext interface to
Internet information resources that was developed at CERN in
Switzerland (Tennant, 1993). This trend toward more powerful, user-
friendly networked information resource access systems is likely to
continue as the Internet grows and matures.
Future Possibilities
The backbone infrastructure for the United States portion of the
Internet (the NSFNet, or the Interim NREN) is largely supported
through federal government funding. For this reason, use of the
network has been limited to non-profit research and educational uses,
and commercial companies have established networking arrangements
that avoid using the NSFNet. Most recently, however, dialogues have
begun about commercialization and privatization of the NSFNet
infrastructure. The full effects of such a move on current Internet
users, especially research and educational institutions, has yet to
be seen. One certainty is that the breadth of information and the
services offered on the Internet will continue to burgeon, at an ever
more rapid rate.
Further Reading
Bishop, Ann P. (1991, December). The National Research and Education
Network (NREN): Update 1991. ERIC Digest. Syracuse, NY: ERIC
Clearinghouse on Information Resources. (EDO-IR-91-9). [Also in ERIC
as ED 340 390]
Farley, Laine (Ed.). (1991). Library resources on the Internet:
Strategies for selection and use. Chicago, IL: Reference and Adult
Services Section, American Library Association.
Kehoe, Brendan P. (1993). Zen and the art of the Internet: A
beginner's guide to the Internet. (2nd ed.). Englewood Cliffs, NJ:
Prentice Hall.
Lynch, Clifford, & Preston, Cecilia. (1990). Internet access to
information resources. In Martha E. Williams (Ed.), Annual review of
information science and technology. 26 (pp. 263-312). Medford, NJ:
Learned Information.
Malkin, Gary Scott, & Marine, April N. (1992). FYI on questions and
answers: Answers to commonly asked "new Internet user" questions.
Network Working Group, Request for Comments 1325. [Available through
anonymous FTP from host ftp.nisc.sri.com, directory rfc, filename
rfc1325.txt]
Polly, Jean Armour. (1992). Surfing the Internet: An introduction.
Wilson Library Bulletin. 66(10), 38-42+.
Scientific American. (1991). Special issue: Communications,
computers, and networks. 265(3).
Stanton, Deidre E. (1992). Using networked information resources: A
bibliography. Perth, WA: Author. [Available through anonymous FTP
from host infolib.murdoch.edu.au, directory pub/bib, filename
stanton.bib or stanton.bib.wp]
Tennant, Roy; Ober, John; & Lipow, Anne G. (1993). Crossing the
Internet threshold: An instructional handbook. Berkeley, CA: Library
Solutions Press.
U.S. Congress. (1991). High-Performance Computing Act of 1991. Public
Law 102-194, December 9, 1991. Washington, DC: U.S. Government
Printing Office. [Available through anonymous FTP from host
nnsc.nsf.net, directory nsfnet, filename nrenbill.txt]
------------------------------
Date: Thu Nov 19 14:30:45 -0500 1992
From: eekim@husc.harvard.edu (Eugene Eric Kim )
Subject: File 2--Reference CCCF dans la banque de donnees des associations
Copyright: Encyclopedia of Associations, 1992
Au detour d'une d'une recherche dans les banques de donnees americaines, un
de nos jeunes correspondant americain, Eugene Eric Kim, nous envoya la
reference correspondant au CCCF dans le fichier de toutes les associations
de part le monde. En voici le contenu:
+++++++
07996366 EA ENTRY NO.: 003634 (International Organizations)
Chaos Computer Club France (CCCF)
Boite Postale 8005, F-69351 Lyon Cedex 08, France
Phone: +33 1 40101775, Fax: +33 1 40101764
Jean-Bernard Condat, Gen.Sec.
FOUNDED: 1989. MEMBERS: 72. STAFF: 4. BUDGET: $12,000. LOCAL GROUPS: 7.
NATIONAL. Disseminates information on security products for micro and mini
computers. Promotes interest in cryptology (the scientific study of codes
and ciphers); will attempt to decipher and format cryptograms. Provides
system audits; offers courses on cryptography and industry documentation.
TELECOMMUNICATIONS SERVICES: E-mail: jbcondat@attmail.com. COMMITTEES:
Computer Frauds; Computer Viruses; Spy Instruments; Unix.
PUBLICATIONS: CCCF Newsletter, monthly. * Membership Directory,
semiannual. * Proceedings, annual.
CONVENTION/MEETING: annual (with exhibits).
SECTION HEADING CODES: Engineering, Technological, and Natural and Social
Sciences Organizations (04)
DESCRIPTORS: Computer Users; Cryptology
+++++++
Don't hesitate to answer me soonly :-)
Thanks.
______ ______ __ __
/\ ___\ /\ ___\ /\ \ \ \ Eugene Eric Kim '96 Harvard University
\ \ \__/ \ \ \__/ \ \ \_\ \ INTERNET: eekim@husc.harvard.edu
\ \ _\ \ \ _\ \ \ -_ #########################################
\ \ \/__ \ \ \/__ \ \ \-\ \ "Every man of action has an equal dose of
\ \____\ \ \____\ \ \_\ \_\ egotism, pride, cunning, and courage."
\/____/ \/____/ \/_/ \/_/ --Charles de Gaulle
------------------------------
Date: Mon Jan 11 14:07:03 MST 1993
From: imp@Boulder.ParcPlace.COM (Warner Losh )
Subject: File 3--Pirates du Minitel travaillant chez France Telecom
Copyright: Agence France Presse, 1992
Fraude minitel - Des ministeres ou administrations victimes de
"pirates du minitel" : un prejudice de plusieurs millions de francs-
PARIS, 1er oct 92 (250 MOTS)
Des administrations ou ministeres ont ete victimes a Paris ces
derniers mois de "pirates du minitel" travaillant a France-Telecom,
et huit personnes ont ete inculpees alors que le prejudice est
globalement estime a des millions de francs, apprend-on jeudi de
bonne source.
Une estimation precise du prejudice etait, indique-t-on, "difficile
a etabir en l'etat actuel de l'enquete".
Des tehniciens de France-Telecom sont soupconnes de s'etre
"branches" illegalement, a l'insu des victimes, sur leurs lignes
telephoniques empruntees par le minitel. Ils ont "largement profite"
de celles-ci, appelant par exemple des serveurs specialises dans des
jeux sur ecran ou, ajoute-t-on, "les communications s'eternisent
quand il s'agit de remporter un lot".
Le palais de justice a Paris s'est apercu le premier de cette
escroquerie presumee - reprimee par la recente loi sur l'informatique
- en constatant une note "tres elevee" de minitel. Celle-ci aurait en
effet atteint, ajoute-t-on, quelque 800.000 francs sur plusieurs
mois. Le Senat, les ministeres des affaires etrangeres ou des DOM-TOM
figureraient notamment au nombre des victimes.
Une enquete a ete ouverte puis confiee a la Brigade financiere
de Paris qui a procede, en debut de semaine, a une quinzaine
d'interpellations de suspects en region parisienne. Huit d'entre eux
ont ete presentes au juge Linais jeudi puis inculpes et laisses en
liberte sous controle judiciaire. D'autres inculpations "pourraient
suivre" ces prochains jours, conclut-on.
rb/da
------------------------------
Date: Sun Jan 10 13:00:58 -0500 1993
From: as194@cleveland.Freenet.edu (Doren Rosenthal )
Subject: File 4--NUAs de serveurs Europeens
Serveur NUA
--------------------------- ------------------------
ARDIC-CIDA 175000120
CARTERMILL 0234233400101
CSPP 023424126010604
DATA STAR 0228464110115
DBI 026245300040020
ECHO 0270448112
ECODATA 022846410908014
EPO 02041170121
ESA-IRS 175000394
0234219201156
FINSBURY 0234219200101
FIZ TECHNIK 026245724740001
GENIOS 026245400030296
GEOSYSTEMS 0234290840111
INKA-DATA 026245724740001
INPADOC 0232911602323
JURIDIAL 1061902007
KLUMER DATALEX 02041570020
OPOCE 0270429200
PROFILE 0234213300124
QUESTEL 1061902007
SCICON 0234290840111
SLIGOS 192020028
TELECOM GOLD 023421920100479
THERMODATA 138020100
--------------------------- ------------------------
Pour obtenir un de ces ordinateurs, il est necessaire d' obtenir un acces
Transpac par le 36062424 et de composer le NUA souhaite, suivi dans le cas
d'un systeme non fran
ais [=NUA commencant par un 0], de "P" et du NUI de six
caracteres.
------------------------------
Date: Thu Nov 19 10:38:32 CDT 1992
From: KRIZ@VTVM1.CC.VT.EDU (Harry M. Kriz )
Subject: File 5--Phreacking reconnu par la DG de France Telecom
Rubrique: Actualites
Messages, no. 419, Novembre 1992, page 5 (ISSN 0245-6001)
Mauvaise surprise pour les abonnes de la banlieue nord de Paris: pres
d'un
millier d'entre eux ont vu leurs factures de telephone gonfler a la suite d'un
piratage de ligne.
Renseignements pris, toutes ces personnes etaient en possession de
telephones sans fil non agrees. Il faut savoir que ces appareils, souvent
importes de l'etranger, ne possedent pas la meme protection electronique que
les telephones agrees. Des lors, rien n'interdit a un "pirate" muni d'un
telephone sans fil de se poster a proximite et de trouver, par tatonnement,
une frequence disponible qu'il utilise aux frais de l'abonne.
Pour eviter que de pareilles malversations ne se reproduisent, la
Direction de la reglementation generale du ministere des P et T va lancer
d'ici
la fin de l'annee une nouvelle campagne d'information sur l'agrement.
------------------------------
Date: Tue 22 Dec 1992 14:19:51 EDT
From: Marc_Rotenberg@WASHOFC.CPSR.ORG (Marc Rotenberg )
Subject: File 6--OCDE, Directives pour la securite des systemes d'information
OECD SECURITY GUIDELINES
The Organization for Economic Cooperation and Development
(OECD) has adopted international Guidelines for the Security of
Information Systems. The Guidelines are intended to raise awareness
of the risks in the use of information systems and to establish a
policy framework to address public concerns.
A copy of the press release and an excerpt from the Guidelines
follows. For additional information or for a copy of the guidelines,
contact Ms. Deborah Hurley, OECD, 2 rue Andre-Pascal, 75775 Paris
Cedex 16, 33-1-45-24-93-96 (phone) 33-1-45-24-93-32 (fax).
Marc Rotenberg, Director
CPSR Washington office and Member,
OECD Expert Group on Information System Security
rotenberg@washoc.cpsr.org
=============================================================
"OECD ADOPTS GUIDELINES FOR THE SECURITY OF INFORMATION SYSTEMS
"The 24 OECD Member countries on 26th November 1992 adopted
Guidelines for the Security of Information Systems, culminating almost
two years' work by an OECD expert group composed of governmental
delegates, scholars in the fields of law, mathematics and computer
science, and representatives of the private sector, including computer
and communication goods and services providers and users.
"The term information systems includes computers,
communication facilities, computer and communication networks and the
information that they process. These systems play an increasingly
significant and pervasive role in a multitude of activities, including
national economies, international trade, government and business
operation, health care, energy, transport, communications and
education.
"Security of information systems means the protection of the
availability, integrity, and confidentiality of information systems.
It is an international issue because information systems frequently
cross national boundaries.
"While growing use of information systems has generated many
benefits, it has also shown up a widening gap between the need to
protect systems and the degree of protection currently in place.
Society has become very dependent on technologies that are not yet
sufficiently dependable. All individuals and organizations have a
need for proper information system operations (e.g. in hospitals, air
traffic control and nuclear power plants).
"Users must have confidence that information systems will be
available and operate as expected without unanticipated failures or
problems. Otherwise, the systems and their underlying technologies
may not be used to their full potential and further growth and
innovation may be prohibited.
"The Guidelines for the Security of Information Systems will
provide the required foundation on which to construct a framework for
security of information systems. They are addressed to the public and
private sectors and apply to all information systems. The framework
will include policies, laws, codes of conduct, technical measures,
management and user practices, ad public education and awareness
activities at both national and international levels.
"Several OECD Member countries have been forerunners in the
field of security of information systems. Certain laws and
organizational and technical rules are already in place. Most other
countries are much farther behind in their efforts. The Guidelines
will play a normative role and assist governments and the private
sector in meeting the challenges of these worldwide systems. The
Guidelines bring guidance and a real value-added to work in this
area, from a national and international perspective."
PRINCIPLES
"1. Accountability Principle
The responsibilities and accountability of owners, providers
and users of information systems and other parties concerned with the
security of information systems should be explicit.
"2. Awareness Principle
"In order to foster confidence in information systems, owners,
providers and users of information systems and other parties should
readily be able, consistent with maintaining security, to gain
appropriate knowledge of and be informed about the existence and
general extent of measures, practices and procedures for the security
of information systems.
"3. Ethics Principle
"Information systems and the security of information systems
should be provided and used in such a manner that the rights and
legitimate interests of others are respected.
"4. Multidisciplinary Principle
"Measures practices and procedures for the security of
information systems should take into account of and address all
relevant consideration and viewpoints, including technical,
administrative, organizational, operational, commercial, educational
and legal.
"5. Proportionality Principle
"Security levels, costs, measures, practices and procedures
should be appropriate and proportionate to the value of and degree of
reliance on the information systems and to the severity, probability
and extent of potential harm, as the requirements for security vary
depending upon the particular information systems.
"6. Integration Principle
"Measures, practices and procedures for the security of
information systems should be co-ordinated and integrated with each
other and with other measures, practices and procedures of the
organization so as to create a coherent system of security.
"7. Timeliness Principle
"Public and private parties, at both national and
international levels, should act in a timely co-ordinated manner to
prevent and to respond to breaches of information systems."
"8. Reassessment Principle
"The security information systems should be reassessed
periodically, as information systems and the requirements for their
security vary over time.
"9. Democracy Principle
"The security of information systems should be compatible with
the legitimate use and flow of data ad information in a democratic
society."
[Source: OECD Guidelines for the Security of Information Systems (1992)]
------------------------------
End of Chaos Digest #1.03
************************************
