Chaos Digest Volume 01 Number 23
Chaos Digest Monday 10 May 1993 Volume 1 : Number 23
ISSN 1244-4901
Editor: Jean-Bernard Condat (jbcondat@attmail.com)
Archivist: Yves-Marie Crabbe
Co-Editors: Arnaud Bigare, Stephane Briere
TABLE OF CONTENTS, #1.23 (10 May 1993)
File 1--_Chaos Corner_ versus _Chaos Digest_ (brand image[s])
File 2--Receiving hacker mail is becoming dangerous (mail)
File 3--The Legion of Doom: the return (news)
File 4--TAMU Security Tools Package (new product)
File 5--After the _Galactic Hacker Party_ of 1989... (summer congress)
File 6--"Computer Viruses ..." by Haynes/McAfee (review)
Chaos Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost by sending a message to:
linux-activists-request@niksula.hut.fi
with a mail header or first line containing the following information:
X-Mn-Admin: join CHAOS_DIGEST
The editors may be contacted by voice (+33 1 47874083), fax (+33 1 47877070)
or S-mail at: Jean-Bernard Condat, Chaos Computer Club France [CCCF], B.P.
155, 93404 St-Ouen Cedex, France. He is a member of the EICAR and EFF (#1299)
groups.
Issues of ChaosD can also be found on some French BBS. Back issues of
ChaosD can be found on the Internet as part of the Computer underground
Digest archives. They're accessible using anonymous FTP from:
* kragar.eff.org [192.88.144.4] in /pub/cud/chaos
* uglymouse.css.itd.umich.edu [141.211.182.91] in /pub/CuD/chaos
* halcyon.com [192.135.191.2] in /pub/mirror/cud/chaos
* ftp.cic.net [192.131.22.2] in /e-serials/alphabetic/c/chaos-digest
* ftp.ee.mu.oz.au [128.250.77.2] in /pub/text/CuD/chaos
* nic.funet.fi [128.214.6.100] in /pub/doc/cud/chaos
* orchid.csv.warwick.ac.uk [137.205.192.5] in /pub/cud/chaos
CHAOS DIGEST is an open forum dedicated to sharing French information among
computerists and to the presentation and debate of diverse views. ChaosD
material may be reprinted for non-profit as long as the source is cited.
Some authors do copyright their material, and they should be contacted for
reprint permission. Readers are encouraged to submit reasoned articles in
French, English or German languages relating to computer culture and
telecommunications. Articles are preferred to short responses. Please
avoid quoting previous posts unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Chaos Digest contributors
assume all responsibility for ensuring that articles
submitted do not violate copyright protections.
----------------------------------------------------------------------
Date: Tue Apr 27 17:15:41 -0500 1993
From: rdc@pelican.cit.cornell.edu (Bob Cowles )
Subject: File 1--_Chaos Corner_ versus _Chaos Digest_ (brand image[s])
There seems to exist a possible confusion between the name of your digest
and an electronic journal that I have been publishing for several years
(since June, 1991). I'm not sure what the best resolution is at this point
(it's not like either of us is going to lose any money); but we should
certainly be aware of each other's journal. I assume that you chose your
name based on the Chaos Club ... and I chose my name (of Chaos Corner) based
on the Chaos Manor column in Byte Magazine (also on the condition of my
office).
I hope that we can cooperate and keep any confusion to a minimum. The
following file is what I send out in response to requests for information
or new subscriptions:
+++++
What you have here is a combination of Dr. Science (from National Public
Radio), Chaos Manor (from Byte), and Rumor Central (from PC Week).
Chaos Corner is a small, randomly published electronic newsletter I write
that mentions things I have found in the process of wandering across the
network. Back copies are available, and a copy of Volume 1 and 2 (with an
*index*) is available in PostScript form (via ftp) or bound hardcopy with
nice covers.
Volume 1 (10 issues) or volume 2 (11 issues) can be obtained as a file with
an index at the back. ftp to pelican.cit.cornell.edu and look in /pub for
the files ccv01.text (the ascii version) and ccv01.ps (the PostScript
version). For volume 2, look for ccv02.ps or ccv02.text. Single issues can
be obtained from the same place and are of the form ccv0Xn0Y.txt where X is
the volume number (1 for 1991, 2 for 1992, and 3 for 1993).
Subscriptions may be obtained by sending mail to:
chaos-request@pelican.cit.cornell.edu
The lead-in and trailer to Dr. Science always says "I have a masters degree,
in science..."
+++++
Sincerely,
Bob Cowles (bob.cowles@cornell.edu)
Assistant Director for Technologies
(alias dr.chaos... I have a Master's degree)
Cornell Information Technologies
Ithaca, NY USA
------------------------------
Date: Wed Apr 28 15:33:36 EDT 1993
From: T01CAL%ETSU.BITNET@uga.cc.uga.edu (calvin )
Subject: File 2--Receiving hacker mail is becoming dangerous (mail)
Organization: East Tennessee State University
sir:
a mutual friend of ours requested that i write to you and tell you about
recent events at etsu. ed street has been expelled from this university due
to a virus attack. it is possible that one of ed's viral experiments got
away from him and infected several labs on campus. the labs were infected
with the DIR_II virus and because of ed's research suspicion fell upon him.
one of the effects of the investigation was that ed's cms account was
searched and his correspondence was confiscated. as part of the investigation
any individuals that ed was in contact with are also under "investigation"
and are possibly involved in an "international conspiracy" to penetrate etsu's
security. pretty scary stuff, huh?
-c
[ChaosD: This message reached us in this form, without further explanation.
Our correspondent "Ed Street" is one of the best-known contributors to
"Virus-L Digest". Here are the two messages he had sent us before his
account was closed!]
Date: Fri Nov 13 12:57:54 EST 1992
From: TAWED%ETSU.bitnet@CUNYVM.CUNY.EDU (ed street )
Subject: in response, and a question...
greetings!
first off my opinion is that every programmer should have access to
information pertaining to viruses. The mass of the public is under the
impression that viruses are harmful, but little do they know that their
main goal is to survive and to replicate. (it started out from a game...)
but I think I don't need to go into much detail here (you probably know more
than I do on this subject)
I think that re-printing the black book would be a great help to those who
(like me) would love to obtain a source of information on viruses so as to
experiment... and am in disbelief that the french government is trying to
crack down on such matters...
Also I was curious as to why this question was asked of me, I am very glad
that it was because i've been looking for the club (wanting to possibly join)
and haven't had much luck (more appropriately not enough time).
I was firstly wondering what is the purpose of the club (from the few things
I have heard it's partially for research and program writings...) and as to
how I might be able to join...
thanks;
"hacker" tawed@etsu.bitnet
+++++
Date: Sun Dec 6 19:56:46 EST 1992
From: TAWED%ETSU.bitnet@CUNYVM.CUNY.EDU (me!!!! )
Subject: christma exec a sent... he he he
*laugh* this is funny..
I was reading 'Computer Viruses A High-tech Disease' written by Ralf Burger
in 1988. In it is the source code listing for the christma exec a chain-mail
bug. hmmmm, I thought, a good way to sink my teeth into REXX. Well I copied
it in to my account and took the original and commented all of it out, as well
as changed a few lines. Before this I made a copy.
I took the copy and put comments all through it so that I could monitor what
was happening in the program. And it started sending copies to all those
people in my Names File!!!!!!!!! I started laughing and then later I chased
them all down and found out that only 8 were sent out. As of now I have 6
files deleted from those that did get sent out. (what was sent out was the
modified version that I disarmed and changed around, in case something like
this would happen.) :-)
anyway one copy did make its way to a programmer at this University so I
don't know about that copy yet. I sent him mail and told him to erase it.
*laugh* it was funny to watch it execute.|
(P.s. you can use this in the digest if you want, along with making changes
as needed.)
.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=
#INCLUDE <STD_DSCLAMR.H>
#DEFINE HACKER "ED STREET" <TAWED@ETSU.BITNET>
VOID MAIN(VOID) {
PRINTF("SOMEDAY I WILL GET A *REAL* MESSAGE LINE!!\N");
}
------------------------------
Date: Wed, 5 May 1993 21:15:00 GMT
From: tdc@zooid.guild.org (TDC )
Subject: File 3--The Legion of Doom: the return (news)
Organization: The Zoo of Ids
Repost from: telecom13.305.1@eecs.nwu.edu
Release Date: 4 May 16:07 EDT
READ AND DISTRIBUTE EVERYWHERE - READ AND DISTRIBUTE EVERYWHERE
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Important Announcement
The
LOD
Legion of Doom
Is Back!
No that has not been a mis-print ... the LOD has returned! The world's
greatest hacking group has formally been reinstated to bring back dignity
and respect to a scene that has rapidly deteriorated since its departure.
Unlike many of these other "Groups" that go around with upper/lower case
names, that trade in PBX's, VMB's etc. and wouldn't know COSMOS if it hit
them over the head. The LOD, at least to me, embodies the pinnacle of
understanding that comes from relentless exploration of the "system"
backwards and forwards. It is an organization dedicated to understanding
the world's computer and telephone networks. Enabling everyone to progress
forward in technology. The accumulated product of this -- the Technical
Journals, full of information unavailable anywhere except from telco manuals
represents something too valuable to lose.
It is a true tragedy that after the great witch hunt that was Operation Sun
Devil that the former LOD died. If the powers that be, think they can shut
down real hackers by undertaking unprovoked, unneeded not to mention
unconstitutional draconian acts they are mistaken. We will not be kept down!
We are a segment of society that enjoys what others label difficult and
technical. Exploration into the uncharted reaches of technology is our
calling. Information, learning and understanding is what we are made of.
As the technology revolution impacts us all, it is the hackers and not the
medieval statutes of the land that will lead us forward.
This will be the primary purpose of the new, revived LOD -- the assembly and
release of a Technical Journal. The previous four issues, now several years
old BADLY need updating.
The Journal will rely heavily on reader submitted articles and information,
so anything you wish to contribute would be GREATLY appreciated. Acceptable
submissions would include ORIGINAL "how-to guides" on various systems,
security discussions, technical specifications and documentation. Computer
and telephone related subjects are not the only things acceptable. If you
remember, the former journals had articles concerning interrogation and
physical security among others.
The next LOD Technical Journal will comprise almost entirely of freelance or
reader submitted articles. So without YOUR contributions it can not proceed!
If you wish to hold the wonderful honour of being an LOD Member (won't this
look good on your resume), you may apply by contacting us. The
qualifications should need no elaboration. Any of the previous members that wish
reactivation (doubtful) need only request it.
In addition to needing articles for the upcoming Journals, some sites on the
net to aid in distribution would also be welcomed. Send all offers and
articles to the following email account:
tdc@zooid.guild.org
Closing date for article submissions to the LOD Technical Journal Number 5
is: Monday 14 June, 1993. Release date: Friday 18 June, 1993.
Since we have no monetary or contractual obligation to anyone, these dates
are of course tentative. But since or at least initially we will rely almost
entirely on reader submissions a date is needed to get potential writers into
gear.
In order that this gain exposure to as much publicity as possible please
post it on any networks that you may have access to.
Note that the LOD does not engage or condone illegal or criminal activities.
This would cover, but is not limited to, theft of long distance services,
credit fraud or data destruction/alteration.
Lord Havoc
[ChaosD: The e-mail address given in this article is not directly connected
to the InterNet. Preferably send your mail to: gaea@zooid.guild.org, for
the attention of LOD.]
------------------------------
Date: Tue May 4 14:36:11 CDT 1993
From: Dave.Safford@sc.tamu.edu (Dave Safford )
Subject: File 4--TAMU Security Tools Package (new product)
Texas A&M Network Security Package Overview
BETA Release 1.0 -- 4/16/93
Dave Safford
Doug Schales
Dave Hess
DESCRIPTION:
Last August, Texas A&M University UNIX computers came under extensive
attack from a coordinated group of internet crackers. This package of
security tools represents the results of over seven months of development
and testing of the software we have been using to protect our estimated
twelve thousand internet connected devices. This package includes
three coordinated sets of tools: "drawbridge", an exceptionally powerful
bridging filter package; "tiger", a set of convenient yet thorough
machine checking programs; and "netlog", a set of intrusion detection
network monitoring programs. While these programs have undergone extensive
testing and modification in use here, we consider this to be a beta test
release, as they have not had external review, and the documentation is
still very preliminary.
KEY FEATURES:
For full technical details on the products, see their individual README's,
but here are some highlights to whet your appetite:
DRAWBRIDGE:
- inexpensive (pc with SMC/WD 8013 cards);
- high level filter language and compiler;
- powerful filtering parameters;
- DES authenticated remote filter management;
- O(1) table lookup processing for full ethernet
  bandwidth processing, even with dense class B net
  filter specifications.
TIGER:
- checks key binaries against cryptographic
  checksums from original distribution files;
- checks for critical security patches;
- checks for known intrusion signatures;
- checks all critical configuration files;
- will run on most UNIX systems, and has tailored
  components for SunOS, Next, SVR4, Unicos.
NETLOG:
- efficiently logs all tcp/udp establishment attempts;
- powerful query tool for analyzing connection logs;
- "intelligent" intrusion detection program.
AVAILABILITY:
This package is available via anonymous ftp in:
sc.tamu.edu:pub/security/TAMU
At this location there is also a script "check_TAMU" that can perform
cryptographic checksums on the distribution files, in case you obtained
them from other archive sites.
Note that there are some distribution limitations, such as the inability
to export (outside the US) the DES libraries used in drawbridge; see the
respective tool readme's for details of any restrictions.
CONTACT:
Comments and questions are most welcome. Please address them to:
drawbridge@sc.tamu.edu
------------------------------
Date: Wed, 28 Apr 1993 04:12:57 -0700
From: emmanuel@WELL.SF.CA.US (Emmanuel Goldstein )
Subject: File 5--After the _Galactic Hacker Party_ of 1989... (summer congress)
Repost from: CuD #5.32.1
Hack-Tic presents:
-------------------------------------------------------------------
H A C K I N G A T T H E E N D O F T H E U N I V E R S E
-------------------------------------------------------------------
An 'in-tents' summer congress
H U H?
+-------
Remember the Galactic Hacker Party back in 1989? Ever wondered what
happened to the people behind it? We sold out to big business, you
think. Think again, we're back!
That's right. On August 4th, 5th and 6th 1993, we're organising a
three-day summer congress for hackers, phone phreaks, programmers,
computer haters, data travellers, electro-wizards, networkers, hardware
freaks, techno-anarchists, communications junkies, cyberpunks, system
managers, stupid users, paranoid androids, Unix gurus, whizz kids, warez
dudes, law enforcement officers (appropriate undercover dress required),
guerilla heating engineers and other assorted bald, long-haired and/or
unshaven scum. And all this in the middle of nowhere (well, the middle
of Holland, actually, but that's the same thing) at the Larserbos
campground four metres below sea level.
The three days will be filled with lectures, discussions and workshops
on hacking, phreaking, people's networks, Unix security risks, virtual
reality, semafun, social engineering, magstrips, lockpicking,
viruses, paranoia, legal sanctions against hacking in Holland and
elsewhere and much, much more. English will be the lingua franca for
this event, although some workshops may take place in Dutch. There
will be an Internet connection, an intertent ethernet and social
interaction (both electronic and live). Included in the price are four
nights in your own tent. Also included are inspiration, transpiration,
a shortage of showers (but a lake to swim in), good weather
(guaranteed by god), campfires and plenty of wide open space and fresh
air. All of this for only 100 dutch guilders (currently around US$70).
We will also arrange for the availability of food, drink and smokes of
assorted types, but this is not included in the price. Our bar will be
open 24 hours a day, as well as a guarded depository for valuables
(like laptops, cameras etc.). You may even get your stuff back! For
people with no tent or air mattress: you can buy a tent through us for
100 guilders, a mattress costs 10 guilders. You can arrive from 17:00
(that's five p.m. for analogue types) on August 3rd. We don't have to
vacate the premises until 12:00 noon on Saturday, August 7 so you can
even try to sleep through the devastating Party at the End of Time
(PET) on the closing night (live music provided). We will arrange for
shuttle buses to and from train stations in the vicinity.
H O W ?
+-------
Payment: In advance only. Even poor techno-freaks like us would like
to get to the Bahamas at least once, and if enough cash comes in we
may just decide to go. So pay today, or tomorrow, or yesterday, or in
any case before Friday, June 25th 1993. Since the banks still haven't
figured out why the Any key doesn't work for private international
money transfers, you should call, fax or e-mail us for the best way to
launder your currency into our account. We accept American Express,
even if they do not accept us. But we are more understanding than they
are. Foreign cheques go directly into the toilet paper recycling bin
for the summer camp, which is about all they're good for here.
H A !
+-----
Very Important: Bring many guitars and laptops.
M E ?
+-----
Yes, you! Busloads of alternative techno-freaks from all over the
planet will descend on this event. You wouldn't want to miss that,
now, would you?
Maybe you are part of that select group that has something special to
offer! Participating in 'Hacking at the End of the Universe' is
exciting, but organising your very own part of it is even more fun. We
already have a load of interesting workshops and lectures scheduled,
but we're always on the lookout for more. We're also still in the
market for people who want to help us organize this during the
congress.
In whatever way you wish to participate, call, write, e-mail or fax us
soon, and make sure your money gets here on time. Space is limited.
S O :
+-----
> 4th, 5th and 6th of August
> Hacking at the End of the Universe
(a hacker summer congress)
> ANWB groepsterrein Larserbos
(Flevopolder, Netherlands)
> Cost: fl. 100,- (+/- 70 US$) per person
(including 4 nights in your own tent)
M O R E I N F O :
+-------------------
Hack-Tic
Postbus 22953
1100 DL Amsterdam
The Netherlands
tel : +31 20 6001480
fax : +31 20 6900968
E-mail : heu@hacktic.nl
V I R U S :
+-----------
If you know a forum or network that you feel this message belongs on,
by all means slip it in. Echo-areas, your favorite bbs, /etc/motd, IRC,
WP.BAT, you name it. Spread the worm, uh, word.
------------------------------
Date: Mon May 3 00:32:00 -0600 1993
From: roberts@decus.arc.ab.ca ("Rob Slade, DECrypt Editor, VARUG NLC rep )
Subject: File 6--"Computer Viruses ..." by Haynes/McAfee (review)
Copyright: Robert M. Slade, 1993
St. Martin's Press
175 Fifth Ave.
New York, NY 10010
USA
Computer Viruses, Worms, Data Diddlers, Killer Programs and Other Threats
to Your System: what they are, how they work and how to defend your
PC, Mac or mainframe, John McAfee and Colin Haynes, 1989, 0-312-02889-X
If you buy only one book to learn about computer viral programs -- this is
*not* the one to get. As a part of a library of other materials it may
raise some interesting questions, but it is too full of errors to serve as
a "single source" reference.
I began to have my doubts about the validity of this book in the foreword,
written by no less a virus researcher than John C. Dvorak. He states that
what we need, in order to stem the virus problem, is a
"... Lotus 1-2-3 of virus code. Something that is so skillfully [sic]
designed and marvelously [sic] elegant that all other virus programs
will be subject to ridicule and scorn."
Aside from a rather naive view of human nature, this was obviously written
before his more recent PC Magazine editorial in which he states that virus
writers are the most skilful programmers we have.
The prologue seems to be a paean of praise to one John McAfee, frequently
identified as Chairman of the Computer Virus Industry Association. He is
also identified as head of Interpath Corporation. Intriguingly, there is
no mention of McAfee Associates or the VIRUSCAN/SCAN suite of programs.
Given that the "chronology" of computer viral programs ends after 1988,
the present company may not have been a formal entity at the time.
The first six chapters give the impression of being a loose and somewhat
disorganized collection of newspaper articles decrying "hackers". Some
stories, such as that of the Morris/Internet Worm, are replayed over and
over again in an unnecessary and redundant manner, repetitively rehashing
the same topic without bringing any new information forward. (Those
having trouble with the preceding sentence will have some idea of the style
of the book.)
Chapters seven to thirteen begin to show a bit more structure. The
definition of terms, some examples, recovery, prevention, reviewing
antivirals and the future are covered. There are also appendices; the
aforementioned chronology, some statistics, a glossary, and interestingly,
a piece on how to write antiviral software.
Given what is covered in the book, am I being too hard on it in terms of
accuracy? Well, let's let the book itself speak at this point. The errors
in the book seem to fall into four main types. The least important is
simple confusion. The Chaos Computer Club of Europe are stated to be "arch
virus spreaders" (p. 13). The Xerox Worm gets confused with the Core Wars
game (p. 25). The PDP-11 "cookie" prank program is referred to as "Cookie
Monster", and is said to have been inspired by Sesame Street.
At another level, there is the "little knowledge is a dangerous thing"
inaccuracies. These might be the understandable result of a journalist
trying to "flesh out" limited information. The Internet Worm is said to
have used a "trapdoor", an interesting description of the sendmail "debug"
feature (p. 12). "Trapdoor" is obviously an all-encompassing term. The
"Joshua" program in the movie "Wargames" is also so described on page 78.
Conway's "Game of LIFE" is defined as a virus, obviously confusing the self-
reproducing nature of "artificial life" and not understanding the boundaries
of the programming involved, nor the conceptual nature of Conway's proposal
(p. 25). Mac users will be interested to learn that "through much of 1988"
they were spreading the MacMag virus, even though it was identified so early
that few, if any, ever reached the "target date" of March 2, 1988, and that
none would have survived thereafter (p. 30).
Some of the information is simply wild speculation, such as the contention
that terrorists could use microcomputers to spread viral software to
mainframes (p. 12). Did you know that because of the Jerusalem virus, some
computer users now think it wiser to switch the computer off and go fishing
on Friday the 13th (p. 30)? Or that rival MS-DOS and Mac users use viral
programs to attack each other's systems (p. 43)? That the days of public
bulletin boards and shareware are numbered, and that by the early 1990's,
only 7000 BBSes will remain, with greatly reduced activity (p. 43)? Chapter
thirteen purports to deal with the possible future outcomes of viral
programs, but should be recognizable to anyone as, at best, pulp fiction.
Some of the information is just flat out wrong. Page 75, "... worms do not
contain instructions to replicate ..." Or, on page 95, a diagram of the
operations of the BRAIN virus, showing it infecting the hard disk.
We won't delve too deeply into the statements about the CVIA and Interpath
Corporation. It is interesting to note, though, that of the antiviral
software "reviewed", only one product still remains in anything like the
same form. Flu-Shot, at the time the most widely used antiviral software,
is *not* reviewed (although it is mentioned later in the book--in a very
negative sense).
In a sense I am being too hard on the book. It does contain nuggets of
good information, and even some interesting speculation. However, the
sheer weight of "dross" makes it extremely difficult to recommend it. If
you are not familiar with the real situation with regard to viral programs,
this book can give you a lot of unhelpful, and potentially even harmful,
information. If you are familiar with the reality, why bother with it?
+++++++
Vancouver      ROBERTS@decus.ca      | "Don't buy a
Institute for  Robert_Slade@sfu.ca   |  computer."
Research into  rslade@cue.bc.ca      | Jeff Richards'
User           p1@CyberStore.ca      | First Law of
Security       Canada V7K 2G6        | Data Security
------------------------------
End of Chaos Digest #1.23
************************************