Computer underground Digest Sun May 9 1993 Volume 5 : Issue 34 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Copy Editor: Etaoin Shrdlu, Senrio CONTENTS, #5.34 (May 9 1993) File 1--Another response to gender issues File 2-- Response to Wes Morgan File 3--Cryptography and Mythology File 4--New NIST/NSA Revelations File 5--About the Clipper Proposal File 6--Dvorak criticizes the SPA File 7--New 'Zine (ORA.COM) by O'Reilly & Associates Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically from tk0jut2@mvs.cso.niu.edu. The editors may be contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL0 and DL12 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on the PC-EXEC BBS at (414) 789-4210; and on: Rune Stone BBS (IIRG WHQ) 203-832-8441 NUP:Conspiracy CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: from the ComNet in Luxembourg BBS (++352) 466893; ANONYMOUS FTP SITES: UNITED STATES: ftp.eff.org (192.88.144.4) in /pub/cud uglymouse.css.itd.umich.edu (141.211.182.53) in /pub/CuD/cud halcyon.com( 202.135.191.2) in /pub/mirror/cud AUSTRALIA: ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD. EUROPE: nic.funet.fi in pub/doc/cud. (Finland) ftp.warwick.ac.uk in pub/cud (United Kingdom) Back issues also may be obtained through mailserver at: server@blackwlf.mese.com COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Sat, 1 May 93 09:25:02 EDT From: morgan@ENGR.UKY.EDU(Wes Morgan) Subject: File 1--Another response to gender issues In CuD 5.32, Sharon Boehlefeld wrote: >Women I've talked to (f2f and via cmc) are sometimes intimidated by >some males' exercise of their right to free speech. According to some of the men participating in soc.feminism (the moderated Usenet group concerned with feminist issues), it goes both ways. 8) >The problem >becomes one of a "chilling effect," in which speech is inhibited >because some speakers are afraid to voice their ideas and opinions. >They are afraid of opening themselves up to harassment, or worse. Are these same people unafraid to write a letter to the editor (or guest opinion) for their local newspaper? Are they afraid to march in a demonstration? Are they afraid to sign a petition? Are these same people afraid to stand by their beliefs in other forums? If so, why does the net deserve special recognition/analysis? Can you give an example of a free speech forum that does *NOT* have the po- tential to cause this fear and/or reticence? >Whether intentional or not comments like Landwehr's "feminist dogma" >remarks can have that chilling effect. (Not only women are silenced, >but also some men by such tactics.) If there is one phrase with which I have become completely disgusted, it is the dreaded 'chilling effect.' Have we become so sensitive that mere words on a screen can inhibit us? If so, what is the difference between a computer screen and _The New York Times_? Are you 'chilled' by the editorials you read in the paper? Are you 'chilled' by the fact that I disagree with you? Does the mere exercise of free speech 'chill' you? I notice that most writers seem to have few problems in using the traditional media, despite the presence of opposing (and, sometimes, obnoxious) viewpoints. Why should computer-mediated com- munication be different? Perhaps the immediacy of computer communication is part of the problem. The notion that a Usenet posting of email message will bring responses within minutes could conceivably generate a bit of concern, but I don't understand how it inhibits us. In fact, I would argue that computer- mediated communication can actually make the airing of potentially con- troversial opinions *much* easier. Pseudonymous servers are becoming more and more popular; if you aren't comfortable signing your real name to your postings, send them to anon.penet.fi or charcoal.com, where they will be posted with a unique, but anonymous, identifier such as "an83498." If you're dealing with a moderated newsgroup or mailing list, almost all moderators will strip your postings and/or submissions of identification before distributing them. If you really want to do some interesting research, you should do the following: - Pick 20 Usenet participants at random. - Read their postings for 2-3 months. - Arrange to meet them face to face. - After the meeting, marvel at the inaccuracy of your mental depiction of each of them. - Write and publish a paper on "Mistaken Impressions, or 'Don't Try to Read Between the Lines.'" I've met dozens, if not hundreds, of net participants over the last few years; *none* of them matched the mental image I had constructed from their words. One of the most forceful writers I've ever seen on the net turned out to be a rather quiet, almost mousy, young man; another, whose writings had always seemed unobtrusive and mellow, was a young lady with a dominant physical/intellectual presence. [ OPTIONAL EXERCISE FOR THE READER: [ Send me a description of the "mental image of me" that you have [ constructed from reading my postings. You can retrieve back [ issues of CuD for past postings; I also participate in many Use- [ net discussion groups. (look for a return address of either [ "morgan@engr.uky.edu" or "morgan@ms.uky.edu") I'd like to see [ just how accurate your perceptions can be. Feel free to speculate [ on my physical attributes, education, sexuality, events in my past, [ or any other topic that my words suggest to you. I'll answer pri- [ vately and tell you how close you are to the 'real me.' I may post [ a summary of responses, but identities will be held confidential. >Secondly, in Jim Thomas's response, he notes that he sees "no >significant evidence" that the "old boys" network is being recreated >in cyberspace. He notes, "The 'old boys' no longer control the >terrain..." I'm sure he realizes that the "old boys" have *never* >controlled the entire terrain, but the share allotted women has been, >and continues to be, small. Although some men seem consciously >willing to share larger portions of that terrain with women, what >little evidence we have to date seems to suggest that much of it is >still dominated by men. Larry Landwehr is obviously one of the men >unwilling to give up an inch of his cyberspace. Don't you see? Cyberspace doesn't belong to any one person; none of us can stake a claim to any part of it. Anyone who does so is both uninformed and egotistical. Take a look at the List of Lists, the compendium of publicly accessible mailing lists. *Very* few of them are managed/controlled by "well-known net personalities"; the vast majority of list owners are just regular folks. Some say that the cost of net access are too high for women/minorities to participate; I cannot agree with that perception any longer. These economic arguments against net.participation no longer hold water; if there is a site within local calling distance, one can establish a Cyberspace presence for less than $500 (a 286 PC and a modem). A quick glance at the UUCP maps shows that the following systems are being used as net sites: IBM PC/AT, PC/XT Apple Macintosh Plus Amiga 500 Atari 1040 Tandy Color Computer, TRS-80 AT&T 6300, 3B1, 3B2/310 If you can't pick up one of these systems for under $500, you aren't trying hard enough; I have seen some of these for sale at $200 and below. Software exists that simply 'drops in place'; very little technical expertise is required. In conclusion, I cannot dispute the fact that there are many obnoxious, offensive people on the net. However, I refuse to accept the notion that computer-mediated communication is significantly different from any other free speech forum. I believe that the current rush of gender issues in CMC -- from 'computer porn' to 'chilling effect' to 'old boy networks' -- are merely a reflection of the growing expanse of Cyber- space. I have yet to see evidence of *any* bias which is unique to computer-mediated communication. In fact, I submit that CMC provides better opportunities to respond to (or ignore) offensive material. I readily grant that CMC is far more direct (and timely) than almost any other form of group communication; however, the problems are neither based in nor reparable from a computational perspective. Fix the message, not the medium. ------------------------------ Date: Fri, 7 May 1993 13:59 CDT From: <BOEHLEFELD@WISCSSC.BITNET> Subject: File 2-- Response to Wes Morgan Wes Morgan wrote: > Can you >give an example of a free speech forum that does *NOT* have the po- >tential to cause this fear and/or reticence? No, I can't, Wes, and maybe that's the point? I think it's obvious that I'm not one of the women who feels "chilled" by verbal sparring. Among the points which I was trying to make is that *some* women (and some men) are. Just as a quick recap, my main points (apparently ill developed) were these: 1. There's nothing wrong with using a feminist perspective to conduct social science studies of computer mediated communication and computer technology issues. I did not, and do not intend to, suggest other perspectives should not also be used. 2. Several factors (accessibility and "harassing" posts among them) may be operating in such a way as to systematically exclude women from full participation in the net community. 3. I think the existing data are slim. We need more. I'll stop there, because even though there were some subpoints embedded in my first comments, I don't think I need to rehash them. I will say that since the post ran, I've received notes from folks whose opinions of what I wrote range from thinking I was "too obtuse" to thanking me for my "thoughtful response." But, to address Wes Morgan's concerns specifically, let me return to the line quoted at the top of this post. I cannot think of any existing "free speech forum" that doesn't include the potential for some chilling effect. I also believe other forums may also systematically exclude women from full participation. (Please note: I said *may* exclude. I have neither done, nor examined fully, existing research about those forums.) I'm interested, however, in the development of some kind of data base from which such hypotheses can be tested in an empirical manner. And I believe that is only one such hypothesis that needs testing. When people like Les Landwehr and others rail about "feminist dogma," I worry that the research necessary to come to some sort of reasonable conclusion about these hypotheses will be shunted aside for other, "easier" projects. OK, I'll admit that some folks will think this an imagined fear. Actually, I hope they're right. I agree with Wes that the problems which may exist in cyberspace are probably reflective, to a great extent, of problems within the larger society. I also agree that it's possible to ignore them in this medium, as it is to ignore them in other media. But I guess I don't really believe that ignoring a problem makes it go away. ------------------------------ Date: Fri, 7 May 93 11:43:56 EDT From: Jerry Leichter <leichter@LRW.COM> Subject: File 3--Cryptography and Mythology In a recent issue of Cud, Mike Godwin presented a series of interesting arguments concerning the Clipper initiative and the Constitution. Before he even got to those arguments, however, he mentions in passing a few issues that have been brought up repeatedly. I'd like to deal with one in particular. Mr. Godwin writes: > 2. Refusal to allow public scrutiny of the chosen >encryption algorithm(s), which is the normal procedure >for testing a cryptographic scheme, and I've seen this argument in various guises and in many different forums, from the most ill-informed flames in Usenet newsgroups to statements by the EFF and industry groups. What I find fascinating is the way that a claim like this can come to be believed, when in fact it has NO basis in reality. Until quite recently, almost all cryptography in the world was carried out by the defense establishments and foreign services of the world's governments. The systems they used, and the systems they continue to use to this day, were NEVER subject to public scrutiny. The NSA continues to attempt to keep under tight secrecy all information about their cryptographic work, including information about systems and techniques that were used 40 and more years ago. Despite their general success in this regard, as far as I can tell more information has been published about NSA systems and techniques than those of any other country (with the possible exception of Britain, if you believe what Peter Wright has to say in Spycatcher) - and some of what has been published out the techniques of others has probably come through NSA sources. What little private cryptography existed was based on modifications of older military cryptosystems - e.g., the famous Hagelin machines, based on modifi-cations of World War II technology. The security of these machines was never "subject to public scrutiny", and in fact we now know that they were long ago broken by the cryptoanalytic services of the world's major powers. Today, I think it's safe to say that the majority of encrypted communication is still carried out by the same organizations, using systems whose inner workings remain secret and definitely not subject to public scrutiny. Of the remaining encrypted communication, ignoring the many trivial algorithms in use, the bulk of significant encrypted traffic is almost certainly based on DES. While the DES algorithm is public, the design choices behind it remain secret to this day. It took Shamir's re-discovery of differential cryptography to justify the choice of the P boxes and the number of rounds in DES. To the shock of conspiracy theorists, differential cryptography ended up showing that DES was as strong with respect to this important class of attacks as any system of its size could be. What has gone unmentioned is that we STILL don't have a definitive statement as to the design principles behind DES: It took 15 years to re-discover differential cryptography. Might there be another, different attack that no one in the outside world has found yet? We don't know: The most widely used public cryptographic system is subject to only a limited degree of public scrutiny. If you watch the appropriate Usenet newsgroups, you'll get the impression that "everyone" is using PGP. In fact, not only is the total message traffic encrypted using PGP or related systems insignificant outside of this rather rarefied atmosphere, but it's worth pointing out that the PGP itself is based on IDEA (or is it FEAL?), a cryptosystem in the same class as DES - a class of cryptosystems that it is not at all clear is thoroughly understood in the research community. (Shamir's work demolished several related systems that had been seriously proposed. IDEA IS secure - against this class of attack.) Where, then, are we to find a "normal procedure for testing a cryptographic scheme" that involves "public scrutiny of the chosen encryption algorithm(s)"? "Public scrutiny" in the sense the term is being used here is very much at the center of academic life. It is NOT at the center of almost anything else in the world. It's hard to find a single product that we use on a day to day basis that has been subject to "public scrutiny" in this sense. Important details of design and manufacture of products are trade secrets. GM won't tell you the algorithms used in the chips that control your new car's engine. Coca Cola won't tell you what goes into their "secret formula". Most of the world is not academia, and does not share academia's value system. The "normal procedure for testing cryptographic scheme(s)" does not exist, and has NEVER existed. What has existed is the "normal procedure for testing results presented for academic publication", which has been applied, quite properly, to academic work on cryptography. This is quite a different thing. ------------------------------ Date: Thu, 6 May 1993 13:09:12 EST From: David Sobel <dsobel@WASHOFC.CPSR.ORG> Subject: File 4--New NIST/NSA Revelations New NIST/NSA Revelations Less than three weeks after the White House announced a controversial initiative to secure the nation's electronic communications with government-approved cryptography, newly released documents raise serious questions about the process that gave rise to the administration's proposal. The documents, released by the National Institute of Standards and Technology (NIST) in response to a Freedom of Information Act lawsuit, suggest that the super-secret National Security Agency (NSA) dominates the process of establishing security standards for civilian computer systems in contravention of the intent of legislation Congress enacted in 1987. The released material concerns the development of the Digital Signature Standard (DSS), a cryptographic method for authenticating the identity of the sender of an electronic communication and for authenticating the integrity of the data in that communication. NIST publicly proposed the DSS in August 1991 and initially made no mention of any NSA role in developing the standard, which was intended for use in unclassified, civilian communications systems. NIST finally conceded that NSA had, in fact, developed the technology after Computer Professionals for Social Responsibility (CPSR) filed suit against the agency for withholding relevant documents. The proposed DSS was widely criticized within the computer industry for its perceived weak security and inferiority to an existing authentication technology known as the RSA algorithm. Many observers have speculated that the RSA technique was disfavored by NSA because it was, in fact, more secure than the NSA-proposed algorithm and because the RSA technique could also be used to encrypt data very securely. The newly-disclosed documents -- released in heavily censored form at the insistence of NSA -- suggest that NSA was not merely involved in the development process, but dominated it. NIST and NSA worked together on the DSS through an intra-agency Technical Working Group (TWG). The documents suggest that the NIST-NSA relationship was contentious, with NSA insisting upon secrecy throughout the deliberations. A NIST report dated January 31, 1990, states that The members of the TWG acknowledged that the efforts expended to date in the determination of a public key algorithm which would be publicly known have not been successful. It's increasingly evident that it is difficult, if not impossible, to reconcile the concerns and requirements of NSA, NIST and the general public through using this approach. The civilian agency's frustration is also apparent in a July 21, 1990, memo from the NIST members of the TWG to NIST director John W. Lyons. The memo suggests that "national security" concerns hampered efforts to develop a standard: THE NIST/NSA Technical Working Group (TWG) has held 18 meetings over the past 13 months. A part of every meeting has focused on the NIST intent to develop a Public Key Standard Algorithm Standard. We are convinced that the TWG process has reached a point where continuing discussions of the public key issue will yield only marginal results. Simply stated, we believe that over the past 13 months we have explored the technical and national security equity issues to the point where a decision is required on the future direction of digital signature standards. An October 19, 1990, NIST memo discussing possible patent issues surrounding DSS noted that those questions would need to be addressed "if we ever get our NSA problem settled." Although much of the material remains classified and withheld from disclosure, the "NSA problem" was apparently the intelligence agency's demand that perceived "national security" considerations take precedence in the development of the DSS. From the outset, NSA cloaked the deliberations in secrecy. For instance, at the March 22, 1990, meeting of the TWG, NSA representatives presented NIST with NSA's classified proposal for a DSS algorithm. NIST's report of the meeting notes that The second document, classified TOP SECRET CODEWORD, was a position paper which discussed reasons for the selection of the algorithms identified in the first document. This document is available at NSA for review by properly cleared senior NIST officials. In other words, NSA presented highly classified material to NIST justifying NSA's selection of the proposed algorithm -- an algorithm intended to protect and authenticate unclassified information in civilian computer systems. The material was so highly classified that "properly cleared senior NIST officials" were required to view the material at NSA's facilities. These disclosures are disturbing for two reasons. First, the process as revealed in the documents contravenes the intent of Congress embodied in the Computer Security Act of 1987. Through that legislation, Congress intended to remove NSA from the process of developing civilian computer security standards and to place that responsibility with NIST, a civilian agency. Congress expressed a particular concern that NSA, a military intelligence agency, would improperly limit public access to information in a manner incompatible with civilian standard setting. The House Report on the legislation noted that NSA's natural tendency to restrict and even deny access to information that it deems important would disqualify that agency from being put in charge of the protection of non-national security information in the view of many officials in the civilian agencies and the private sector. While the Computer Security Act contemplated that NSA would provide NIST with "technical assistance" in the development of civilian standards, the newly released documents demonstrate that NSA has crossed that line and dominates the development process. The second reason why this material is significant is because of what it reveals about the process that gave rise to the so- called "Clipper" chip proposed by the administration earlier this month. Once again, NIST was identified as the agency actually proposing the new encryption technology, with "technical assistance" from NSA. Once again, the underlying information concerning the development process is classified. DSS was the first test of the Computer Security Act's division of labor between NIST and NSA. Clipper comes out of the same "collaborative" process. The newly released documents suggest that NSA continues to dominate the government's work on computer security and to cloak the process in secrecy, contrary to the clear intent of Congress. On the day the Clipper initiative was announced, CPSR submitted FOIA requests to key agencies -- including NIST and NSA -- for information concerning the proposal. CPSR will pursue those requests, as well as the pending litigation concerning NSA involvement in the development of the Digital Signature Standard. Before any meaningful debate can occur on the direction of cryptography policy, essential government information must be made public -- as Congress intended when it passed the Computer Security Act. CPSR is committed to that goal. *************************************************** David L. Sobel CPSR Legal Counsel (202) 544-9240 dsobel@washofc.cpsr.org ------------------------------ Date: Tue, 4 May 1993 10:29:54 From: The Advocate <The.Advocate@ano.nymo.us > Subject: File 5--About the Clipper Proposal Gentlemen. No matter about the clipper proposal. What the Federal government has not done in either the digital telephony statutes or the clipper chip proposal is prove that a problem exists nor that this is the least intrusive measure to resolve the problem. Digital encryption promises great power to the individual user, but the government has enormous power. The CIA and the NSA spend about 70 billion dollars a year, most of which is on technical signals capture and decryption. No-one has demonstrated that the CIA lacks the technology to still conduct wiretaps at points ahead of the encrypters, nor has anyone demonstrated that the NSA lacks the resources to de-crypt conversations. If in fact the NSA lacks the resources to de-crypt civilian conversations, then what have we been spending all this money for? Constitutional theory dictates that any government intrusion on a civil right, must take the form of the least intrusion. This proposal has not been demonstrated to be the least intrusive, nor has there been ademonstration that there is even a need. ------------------------------ From: Jim Thomas <cudigest@mindvox.phantom.com> Subject: File 6--Dvorak criticizes the SPA Date: Fri, 7 May 1993 02:20:21 EDT A recent article by John C. Dvorak from the May 11, 1993 issue of PC Magazine, commented on the Rusty & Edie's bust (we thank Mike Castle for drawing our attention to the piece). Dvorak was especially critical of the SPA. Dvorak is the second major columnist in the past month to begin challenging the SPA's philosophy and tactics. In CuD 5.32, we reported Michael Alexander's (editor of INFOSECURITY NEWS) criticisms and call for the SPA to change its direction. Alexander concluded: However, I believe that the SPA's much-publicized raids on businesses whose users are allegedly making unauthorized copies of software do little to advance the cause of information systems security. Any infosecurity practitioner will tell you that fear, intimidation and threats do not make for better security. What works is education, communication and cooperation. Dvorak's piece, "BBS Easy Target in FBI Bust" begins by summarizing Rusty and Edie's troubles when the FBI seized their equipment and other material in February. Dvorak cites one "intelligence-gathering" service that estimated that as many as 2,000 BBSes of the 25,000 it monitors specialize in "pirated" software, and that any of these could have been busted. However, he claims that R&E's was particularly vulnerable: But Rusty and Edie had made a lot of enemies in the BBS community because they had a reputation for reposting nudie .GIFs from other sources, removing the original promotional material and inserting their own promotional stuff--a practice despised by BBS operators. Many bulletin board services barely eke out a living and would be profitless if it weren't for the peculiar demand for downloadable pictures of people in the buff. Rusty had also done little to make friends in the BBS community. It's one of the few BBSs that do not even post the number of other BBSs for the convenience of subscribers. So when Rusty was busted, the community did nothing and said nothing. Many operators quietly smirked or applauded. Yes indeed, the SPA picked a convenient target. Dvorak argues that R&E's was not an outrageous pirate board that flaunted commercial software or other illicit activities. It was, he contends, a board that promoted shareware, which he calls a "legitimate threat to the software companies that sponsor the SPA." Why, he asks, didn't the SPA call R&E's or conduct an audit as they do in other cases? It was, Dvorak reasons, when R&E announced their intention to expand to 500 lines that "the FBI got serious." He adds with sarcasm that it's also a coincidence that "a major source of shareware is obliterated." Dvorak does not defend piracy, and he is explicit in stating that commercial software publishers should be compensated for their efforts. His column is not a defense of R&E, but a criticism of the SPA. Dvorak concludes: The SPA should protect the BBS operator from having equipment confiscated. These are computers, not drugs or illegal weapons! The rational means any PC Magazine reader suspected of having pirated software may have a PC confiscated. As in Stalin's Russia, it only takes a tip from an unfriendly neighbor. The SPA is that neighbor today. A disgruntled employee or jilted lover will be that neighbor tomorrow. Dvorak makes several good points. First, the current criminalization trend of even trivial computer delinquency risks unacceptable invasion by law enforcement. Second, the SPA--counter to it's claim to be a "good neighbor" may be acting in bad faith to promote its own vested interests. Finally, he has taken what until now has been an issue of concern to a small proportion of computer users and suggested how a continuation of the SPA's policies could lead to an oppressive climate in cyberspace. CuD has become increasingly critical of the SPA, and we have severe reservations with their professed goal of combatting piracy through education. It is our view that they are not acting in good faith and that they play rather loose with facts to bolster their raiding tactics. We will elaborate on this in a special issue in about two weeks. ------------------------------ From: CuD Moderators <tk0jut2@mvs.cso.niu.edu> Subject: File 7--New 'Zine (ORA.COM) by O'Reilly & Associates Date: Fri, 7 May 1993 11:40:11 CDT ((MODERATORS' NOTE: CuD does not advertise, and we receive no compensation for plugging an occasional product. We run the occasional blurb announcing a product when it seems of interest to computer hobbyists, or--which happens periodically--when we come across something of sufficient quality that we think it's worth checking out, as is the case here)). O'Reilly & Associates, the publishers who put out a line of first-rate Unix books, recently came out with a catalogue/newsletter that's slick, informative, and--for an inhouse advertising (ORA.COM) 'Zine--fun to read. What especially caught our eye was the sales figures for THE WHOLE INTERNET. Although it only appeared within the past year, it's in its fifth printing (125,000 copies in print) and in some stores has outsold Madonna as the best seller. We like ORA.COM for a couple of reasons: It's informative and gives a nice summary of the O'Reilly line (which it's supposed to do); The layout is not typical of most publishers' catalogues--it more closely resembles WIRED and similar cyber-age 'Zines; It's FREE! The premier issue of ORA.COM includes news and features, including an Internet department, general news and tips of interest to sysops, sysads, and computer users, and tips and tricks for becoming more adept at computer use. It's worth a look. For more information, contact: Brian W. Erwin O'Reilly & Associates, Inc. 103 Morris Street, Suite A Sebastopol, CA 95472 Internet: letters@ora.com / Voice: (800) 998-9938 - (707) 829-0515 ------------------------------ End of Computer Underground Digest #5.34 ************************************