Computer underground Digest Thu Jan 2, 1997 Volume 9 : Issue 01 ISSN 1004-042X Editor: Jim Thomas (cudigest@sun.soci.niu.edu) News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu) Archivist: Brendan Kehoe Shadow Master: Stanton McCandlish Field Agent Extraordinaire: David Smith Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Cu Digest Homepage: http://www.soci.niu.edu/~cudigest CONTENTS, #9.01 (Thu, Jan 2, 1997) File 1--CLO#21-Negotiating the end of the millennium File 2--Jenott case: More gossip, so-called criminal hacker stuff File 3--Soldier Innocent of Giving Secret Code to Chinese File 4--Crack5: ANNOUNCE: Daily Telegraph Article (fwd) File 5--BoS: Phrack 49 (fwd) File 6--Cu Digest Header Info (unchanged since 13 Dec, 1996) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. --------------------------------------------------------------------- Date: Tue, 24 Dec 1996 17:22:23 +0100 From: "William S. Galkin" <wgalkin@EARTHLINK.COM> Subject: File 1--CLO#21-Negotiating the end of the millennium [PLEASE NOTE: All back issues can now be found at the Computer Law Observer site located at: http://www.lawcircle.com/observer] ============================================================= December, 1996 The Computer Law Observer Issue No. 21 ============================================================= The Computer Law Observer is distributed monthly for free by Challenge Communications. To subscribe, e-mail to lawobserver-request@charm.net with the word "subscribe" (leaving out the quotation marks) in the message area. To unsubscribe, do the same, inserting the word "unsubscribe". Re-posting is prohibited without permission. Copyright 1996 by Challenge Communications. See our website for back issues: http://www.lawcircle.com/observer ------------------------------------------------------------ ++++++++++++++++++++++++++++++++++++++++++++++ NEGOTIATING THE END OF THE MILLENNIUM ++++++++++++++++++++++++++++++++++++++++++++++ by William S. Galkin, Esq. (biography at end) Irony - Billions of dollars, and the world's best and brightest, have been devoted to the development of information technologies. And, now, with the meteoric rise in use of the Internet, we seem finally to be at the dawn of a new era where information resources will truly permeate our lives - dramatically altering the landscape of mankind in a manner many compare to the industrial revolution. And yet, someone discovered a flaw, a fault line that runs through much of the system. A simple programming error, that when viewed with hindsight one wonders "How could anyone have made such an obvious mistake?" This article focuses on the legal issues involved in successfully negotiating a solution to what is often referred to as the "Year 2000 Problem". Mistake - Date calculations play an essential role in most applications. Almost all applications record information regarding the year with two digits (i.e., 96 for 1996). The basic functions involving dates include calculating, comparing and sequencing. Therefore, when a program wants to calculate a person's current age, it will perform a calculation by subtracting the person's date of birth from the current year. In my case, subtract 57 (1957) from 96 (1996) and the result is 39. However, when the new millennium arrives, the year information contained in most applications will be "00". The calculation of my age (i.e., 00 minus 57) produces an erroneous result of negative 57! Magnitude - All hardware and software systems are potentially affected by the Year 2000 problem, even applications that are resident with service bureaus. Major corporations are expected to have to pay at least $40 million to rectify the problem. The worldwide cost could reach $400 billion. Federal Express was reported as having paid 5 cents per line of code to correct the problem, which resulted in a $500 million total cost. Chubb Insurance has paid $180 million and the state of Nebraska has paid $32 million. The problem is estimated to affect 95% of all U.S. companies. To date, only one third of affected companies are undergoing conversion. Some estimate that either the cost to repair or the failure to repair could result in a bankruptcy rate of 1 to 5%. The repair process is complex and involves either a data solution or a procedural solution. The data solution involves the modification of each occurrence of a date. This requires a methodical line-by-line analysis of code. With each change, the affected logic must be revisited and the modification must then be tested. Mid-sized companies will often have millions of lines of code. As many as one in every 50 lines could have a date reference. Data entry screens and output formats will have to be modified as well. A procedural solution involves changing the processing methodology so that an application will know that "18" means "2018" instead of "1918". This approach is difficult to implement as well. First steps - Every affected company needs to design its own approach to the Year 2000 problem. Usually a team will be set up to oversee the process. The team will include the appropriate internal technical personnel as well as management and outside consultants. Financial and legal advisors may also need to be included. The first step is to take a thorough inventory of all affected applications and gather all of the software license and support agreements that govern such applications to determine each party's rights and liabilities. There are a variety of provisions that might be found in these agreements, especially for custom software or where agreements went through a negotiation process. Some provisions might obligate the vendor to assist with the repairs or impose liability for damages that occur due to the Year 2000 problem. Additionally, a licensee will need to identify all confidentiality restrictions that might be found in the license agreements in order that when the repair work begins, it can proceed efficiently without violating these provisions. Many modifications will require access to the source code. Therefore, it is important to determine whether a source code escrow agreement requires delivery to rectify such a problem. Negotiating the cure - Rectifying the Year 2000 problem is complex because of both the variable times when problems might arise and because of the variety of forms the problems might take. Accordingly, when hiring outside consultants to repair the problem, a careful agreement needs to be drafted to specify what the problem is, how and when it is going to be fixed, and what happens if it is not adequately fixed. Following is a discussion of some of the important issues that need to be considered: DEFINITION OF PROBLEM: A survey of the problem is the first step. This can be performed in house, by a third party consultant or by the vendor hired to correct the problem. The results of this analysis will become an essential component of the agreement. The survey should include a catalogue of all applications reviewed and specifications as to what kind of corrections are needed for each application. There are a variety of correction methods that can be implemented - some will be appropriate for some applications, and not for others. The ideal goal is for the vendor to represent that all Year 2000 problems will be corrected, even those not listed in the survey results. However, most vendors will not agree to such a global representation. CONFIDENTIALITY: The vendor will be having intimate contact with a large portion of the information about the company. Additionally, the company itself will be under confidentiality restrictions that may prohibit the company granting access to certain applications. Accordingly, the confidentiality issues need to be settled in advance. IMPLEMENTATION SCHEDULE: It cannot be over stressed, that with Year 2000 repairs, time is of the essence. A detailed implementation schedule needs to be prepared and specific remedies and options need to be available if the schedule becomes delayed due to the actions of the consultant or the company. EVALUATING PROGRESS: Having the work completed by a certain date, well in advance of December 31, 1999, if possible, may be crucial in accomplishing an effective transition. Accordingly, the vendor should be required to keep the company regularly informed of progress and of any delays. CHANGE ORDERS: As the work begins to be performed, it is inevitable that additional tasks will be identified as needing to be performed. The agreement needs to be flexible enough to adjust for these changes in scope. TIME OF WORK AND DISRUPTION: Much of the Year 2000 repair work will have to be performed when the system or certain applications are down. This means that companies will want this work performed at night or over the weekends. Accordingly, it is important that the agreement set forth when the system will be done, and who determines the down schedule. TESTING PROCEDURES: Given the complexity of the repair methods, testing must be an essential component of the repair services. The vendor and the customer must develop and agree upon test criteria, how the tests will be performed, and when the system is considered to have passed the test. Additionally, it is important that a significant period of live use be a part of the test period. In order for this to be effectively available, the repair work must be completed well before December 31, 1999. FOLLOW-UP REPAIRS: It is likely that the testing procedures will turn up problems and errors. These errors may or may not fall within the scope of the repair services. Accordingly, the vendor should agree to be available (i.e., have personnel available) to rectify whatever problems arise. This is an important provision. As the year 2000 approaches, vendors will be stretching themselves thinner and thinner to complete the work by the deadline. Without prior assurances, there may not be personnel available to perform these follow up services. COST INCREASES; EMERGENCY SERVICES: Many service agreements are done on a time and materials basis and the vendor can increase the hourly rate after giving proper notice (e.g., 60 days' prior written notice). These provisions are workable when other vendors are available to substitute for a vendor that raises its price too much. As time goes on, it will be prohibitively expensive to find a substitute vendor, if one can be found at all. LENGTH OF WARRANTY: Not all Year 2000 glitches will be apparent at the turn of the century. It may take months or even years for some to surface. The warranty provision needs to take this issue into account. Other issues - Obviously, all new license agreements should include Year 2000 compliance requirements. This is a complex provision and should be carefully drafted. However, a discussion of this provision is beyond the scope of this article. Given the cost to repair and the potential for damage resulting from lack of compliance, due diligence for any corporate acquisition or significant loan or investment, must include a thorough evaluation of this issue. Many boards of directors have been postponing dealing with the problem because of the large expense that will appear on their financial statements. To make matters worse, the Financial Accounting Standards Board emerging issues committee has determined that money spent on the Year 2000 Problem must be charged against the current year's earnings, and cannot be amortized. However, a corporation that does not develop, in a timely manner, a complete compliance plan, will be a good target for shareholder suits against the officers and directors if failure in this regard results in a decrease in the value of the stock or company. Conclusion - Some companies are waiting for a "silver bullet" that will be developed which will simply and efficiently rectify the problem. However, the most optimistic predictions foresee the best technological developments providing at most a 30% savings in repair time and costs. The process of making systems Year 2000 compliant can be complex and fraught with unknown variables. A good agreement is necessary to successfully deal with the many issues involved. However, given that the end of the millennium is approaching fast, a prudent company will construct alternate plans if compliance is not achieved on time. ABOUT THE AUTHOR: Mr. Galkin can be reached for comments or questions about the topic discussed in this article as follows: E- MAIL: wgalkin@lawcircle.com WWW: http://www.lawcircle.com/galkin TELEPHONE: 410-356-8853/FAX:410-356-8804 MAIL: 10451 Mill Run Circle, Suite 400 Owings Mills, Maryland 21117. Mr. Galkin is an attorney in private practice. He is also the adjunct professor of Computer Law at the University of Maryland School of Law. He is a graduate of New York University School of Law and has concentrated his private practice on intellectual property, computer and technology law issues since 1986. He represents small startup, midsized and large companies, across the U.S. and internationally, dealing with a wide range of legal issues associated with computers and technology, such as developing, marketing and protecting software, purchasing and selling complex computer systems, launching and operating a variety of online business ventures, and trademark and copyright issues. ------------------------------ Date: Sat, 21 Dec 1996 18:50:46 -0600 (CST) From: Crypt Newsletter <crypt@sun.soci.niu.edu> Subject: File 2--Jenott case: More gossip, so-called criminal hacker stuff The so-called criminal hacker ============================= By December 17th, the U.S. Army's prosecution of Eric Jenott, "the Ft. Bragg hacker," was in full swing. Much of the testimony appeared aimed at proving Jenott to be a criminal hacker. However, a key witness turned out to be little more than a convicted thief attempting to curry favor for himself in return for helping to convict Jenott. Other testimony appeared to be standard circumstantial hacker hearsay attributed to the Ft. Bragg soldier. Very little of the court's unclassified proceedings convincingly portrayed Jenott as a potential spy for communist China. Raymond Chen, a former Marine, testified Jenott gave "the [Internet] address for the secretary of defense computer system" to him "before Jenott joined the Army." Chen accessed the system using this information, he said. According to Chen, Jenott confided that he had been hacking into Navy, Air Force and other DoD computers since 1994. He claimed that Jenott had admitted to deleting information from a Navy system. Chen, who is also in legal trouble from this case and a convicted thief stemming from a 1991 break-in at the University of Washington in which he stole a computer, claimed he has been granted immunity from prosecution in exchange for his testimony in the Jenott case. Chen was convicted of burglary and possession of stolen property in December 1992. His sentence was 60 days in jail and 30 days of community service. Chen testified that he had negotiated immunity with Army prosecutor Emmett Wells. According to the Fayetteville Observer, Chen said in court "Wells said if I can get Jenott convicted of espionage, he will get me out of my trouble in Washington state." Wells was removed from the case when he attempted to commit suicide by slashing a wrist a few days earlier. Army prosecutor Matthew Wilkov had Chen say "he understood that Wells was an Army prosecutor and had no direct control over the charges in Washington." However, Wilkov added "he had agreed to write a letter saying Chen had cooperated in an Army case." Testimony continued from Army employees who worked the Fort Bragg bulletin board system. Janet Warden said she had been monitoring posts by Jenott and undisclosed others on the board. It was about computer hacking, she said, and included references to S-MILS, a military acronym for secure military sites. Warden said she had been instructed to observe Jenott's conversations on the system. Logs from the Ft. Bragg BBS indicated Jenott sent "several" electronic messages to Qihang Liu at Oak Ridge, Tennessee. Liu did not reply. Another military intelligence investigator, Ronald E. Davis, said that he interviewed Jenott and that "I learned he passed the password . . ." Davis was asked twice by prosecution what he learned from Jenott. The second time he said he "learned [Jenott] committed espionage." Jenott's lawyer, Tim Dunn, immediately objected and Fred Arquilla sustained it. The court was then closed again for the purposes of secrecy during the rest of Davis' presentation and testimony from John F. Deasy, a soldier from the Land Information Warfare Activity at Fort Belvoir, Virginia. When the court was re-opened, Deasy said he had been asked to look "over a file about someone from Fort Bragg hacking into [a] University British Columbia computer." Deasy also said he was told the security of a "switching station" on the Army's Mobile Subscriber Network was breached. Ray Chen testified again, claiming he had learned in a chat group with Jenott's brother, Lance, and unnamed others that Jenott had "hacked" into a university of British Columbia computer. Other prosecution witnesses said they had followed Jenott's discussions on the Ft. Bragg BBS on the use of passwords of "professors and students" to hack into computers and the utilization of laptops and payphones to avoid being traced. Izzit secret? ============= While the U.S. Army contended Eric Jenott gave a secret password for a secure cellular telephone network to Quihang Liu, the system's builder did not consider the password verboten until more than a full month after the Ft. Bragg hacker was charged with espionage. GTE developed the system and an employee, Steven Sullivan, testified at Jenott's court martial in another closed session, December 18th. The prosecution's Matthew Willkov maintained the password was classified. "If classified information is carried on the system, the password is secret" he said, according to the Fayetteville Observer. Jenott's defense disagreed. Judge Fred Arquilla said the password is classified, but only in the context of determining whether the court should be in closed session during testimony. He informed the jury that closing the court should not bear on its decision as to whether or not the password in contention was or is actually classified. Clear? Anyway, much later FBI agent Steven McFall -- who said he was suffering from a case of food poisoning -- testified that federal agents had seized an Army jacket and uniform with Jenott's name on it from the apartment of Quihang Liu. Suicide? Or not? In court gossip rules ======================================== Jenott's counsel, Tim Dunn, said on Friday that he had checked out a tip "that a former prosecutor [Emmett Wells] in the case tried to kill himself because he was being pressured to alter documents." According to the Fayetteville Observer, Dunn said he had also talked to Wells and the rumor proved unsubstantiated. "He said it was not true, it was fascinating, but he had to go," Dunn said. Wells is currently being treated at Walter Reed Army Medical Center after apparently trying to kill himself by slashing a wrist last Sunday. The Observer also reported the defense's effort to have some evidence declared inadmissible because the government has kept sloppy records on it. Judge Fred Arquilla denied Dunn's request but said he could introduce evidence pointing out the government's sloppiness. Kevin Nauer testified on computer data apparently seized from Jenott's hard disks or diskettes. It included words purported to be written by the Ft. Bragg hacker. According to Knauer and reported in the Observer, a poem credited to Jenott said "At least I'll have a tiny part in bringing this nation to its knees." According to prosecution testimony, Jenott is also claimed to have said he had "wiped out hundreds of computers at the Defense Information Systems Agency." Throughout most of the Jenott case, it has been impossible to distinguish whether much of the testimony is based on anything more substantive than weird hacker bragging, notes from the underground, hearsay or crazy gossip. Full text from the Fayetteville Observer: http://www.foto.com George Smith Crypt Newsletter http://www.soci.niu.edu/~crypt ------------------------------ Date: Tue, 31 Dec 96 12:31 CST From: Jim Thomas <tk0jut1@mvs.cso.niu.edu> Subject: File 3--Soldier Innocent of Giving Secret Code to Chinese Copyright Chicago Tribune Monday, December 23, 1996 SOLDIER INNOCENT OF GIVING SECRET CODE TO CHINESE A soldier accused of passing a secret computer code to a Chinese citizen was acquitted Sunday (Dec. 23) of espionage, the most serious charge at his court martial. But Pfc. Eric Jenott, 21, was convicted of damaging government property and computer fraud after closing arguments. Jenott, of Graham, Wash., was sentenced to three years in prison and ordered to forfeit all benefits. <snip> ------------------------------ Date: Fri, 27 Dec 1996 13:20:01 -0600 (CST) From: Chip Rosenthal <chip@UNICOM.COM> Subject: File 4--Crack5: ANNOUNCE: Daily Telegraph Article (fwd) Just wanted to bring this news posting to your attention. The Telegraph appears to be on-line as <http://www.telegraph.co.uk/>. It might be worth checking the "Connected" section next week to see if something appears there. ------- start of forwarded message ------- From--Alec Muffett <alecm@crypto.dircon.co.uk%antispam> Subject--Crack5--ANNOUNCE--Daily Telegraph Article I gather (from the journalist concerned) that next week's (tuesday?) Daily Telegraph Computing Section will carry an article regarding the release of Crack5, in which "most security experts" are "highly critical" of "gifted amateurs" (!) such as myself, who "irresponsibly" release software such as Crack, SATAN, COPS, etc, onto the net. I've chatted with the fellow quite extensively, and also gather that he was unable (in the midst of the christmas break) to find any "security experts" who could find a good word to say about Crack; undeterred, I've had a go at putting a positive spin on the matter, and can only but hope that between his hands and the final print that I don't wind up looking a villan - I suspect I shan't, but you never know... Regardless, I must admit that I look forward to the almost inevitable furore with some enthusiasm. 8-) Followups set to comp.security.unix. ------------------------------ Date: Wed, 18 Dec 1996 01:54:46 -0500 (EST) From: "noah@enabled.com" <noah@enabled.com> Subject: File 5--BoS: Phrack 49 (fwd) From -Noah ---------- Forwarded message ---------- Date--Fri, 8 Nov 1996 19:46:47 -0800 (PST) Subject--BoS--Phrack 49 -----BEGIN PGP SIGNED MESSAGE----- The new issue of Phrack Magazine, the underground's *premier* computer security publication, is upon us all!! http://www.infonexus.com/~daemon9/phrack49.tgz ftp://ftp.infonexus.com/pub/Philes/Phrack/phrack49.tgz http://www.fc.net/~phrack or send email to the below address... An excerpt from Issue 49, P49-01: .oO Phrack 49 Oo. Volume Seven, Issue Forty-Nine 1 of 16 Issue 49 Index ____________________ P H R A C K 4 9 November 08, 1996 ____________________ Welcome to the next generation of Phrack magazine. A kinder, gentler, Phrack. A seasoned, experienced Phrack. A tawdry, naughty Phrack. A corpulent, well-fed Phrack. Phrack for the whole family. Phrack for the kids, Phrack for the adults. Even Phrack for the those enjoying their golden years. If you thought 48 was a fluke, here is 49, RIGHT ON SCHEDULE. Full speed ahead, baby. We promised timely Phrack. We promised quality Phrack. Here are both in ONE CONVENIENT PACKAGE! We trimmed the fat to bring you the lean Phrack. Chock full of the healthy information you need in your diet. All natural. No artificial ingredients. No snake oil. No placebo effect. Phrack is full of everything you want, and nothing you don't. This issue is the first *official* offering from the new editorial staff. If you missed them, our prophiles can be found in issue 48. Speaking of 48, what a tumultuous situation article 13 caused. All that wacking SYN flooding. Well, it got the job done and my point across. It got vendors and programmers working to come up with work-around solutions to this age-old problem. Until recently, SYN-flooding was a skeleton in the closet of security professionals. It was akin the crazy uncle everyone has, who thinks he is Saint Jerome. We all knew it was there, but we ignored it and kinda hoped it would go away... Anyway, after this issue, I hope it *will* just go away. I have done interviews for several magazines about the attack and talked until I was blue in the face to masses of people. I think the word is out, the job is done. Enough *is* enough. " SYN_flooding=old_hat; ". Onto bigger and better things. A few more quick points (after all, you want Phrack Warez, not babbling daemon9). I want to thank the community for supporting me (and co.) thus far. Countless people have been quite supportive of the Guild, the Infonexus, and of Phrack. Time and work do permit me to get back to all of you individually, so just a quick blurb here. Thank you all. I will be using Phrack as a tool to give back to you, so please mail me (or any of the editors with your suggestions). This is *your* magazine. I just work here. Most of all, I am stoked to be here. I am giving this my all. I'm fresh, I'm ready... I'm hyped + I'm amped (most of my heros don't appear on no stamps..). Drop us a line on what you think of 49. Comments are encouraged. Bottom line (and you *can* quote me on this): Phrack is BACK. - daemon9 [ And remember: r00t may own you, but the Guild loves you ] [ TNO, on the other hand, doesn't even fucking care you exist ] - --------------------------------------------------------------------------- Enjoy the magazine. It is for and by the hacking community. Period. Editors : daemon9, Datastream Cowboy, Voyager Mailboy : Erik Bloodaxe Elite : Nirva (*trust* me on this one) Raided : X (investigated, no charges as of yet) Hair Technique : Mycroft, Aleph1 Tired : TCP SYN flooding Wired : Not copping silly slogans from played-out, vertigo inducing magazines. Pissed off: ludichrist Pissed on: ip News : DisordeR Thanks : Alhambra, Halflife, Snocrash, Mythrandir, Nihil, jenf, xanax, kamee, t3, sirsyko, mudge. Shout Outs : Major, Cavalier, Presence, A-Flat, Colonel Mustard, Bogus Technician, Merc, Invalid, b_, oof, BioHazard, Grave45, NeTTwerk, Panzer, The Bishop, TeleMonster, Ph0n-E, loadammo, h0trod. Phrack Magazine V. 7, #49, November 08, 1996. Contents Copyright (c) 1996 Phrack Magazine. All Rights Reserved. Nothing may be reproduced in whole or in part without written permission from the editors. Phrack Magazine is made available quarterly to the public free of charge. Go nuts people. Subscription requests, articles, comments, whatever should be directed to: phrackedit@infonexus.com Submissions to the above email address may be encrypted with the following key (note this is a NEW key): - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQENAzJuWJgAAAEH/2auap+FzX1AZOsQRPWRrRSOai2ZokfVpWWJI8DRuSpX9l7w 5qWHrZdL/RweA4lgwAmcrAOD6d8+AzZfXEhkKi92G9ZNy2cjsb5g7oamkcPmC03h pdhRe5rHXDWUtXDEhHlkV0WvkLXrhFijW2VdJ2UDFyFd8q0nBSIz+JTGneNO0w4q aowCx3gZpEb4hkEU1LFoJXywZhnBg06jSxD9exbBF2WKeealqTlntlcsMmeJ3OdS 9fqnGI19BWirqkIJYtNXdzP4M2usOEvikrdhXwSbCNcDGcY6pyKco2rKbBUj5V2I 8/2L0TSGSaRBZ/YKRplwycldy63UVVTLMNGQCCUABRG0KlBocmFjayBNYWdhemlu ZSA8cGhyYWNrZWRpdEBpbmZvbmV4dXMuY29tPg== =eHJS - -----END PGP PUBLIC KEY BLOCK----- ENCRYPTED SUBSCRIPTION REQUESTS WILL BE IGNORED Phrack goes out plaintext... You certainly can subscribe in plaintext .oO Phrack 49 Oo. ------------------------------------- Table Of Contents 1. Introduction 7 K 2. Phrack loopback 6 K 3. Line Noise 65 K 4. Phrack Prophile on Mudge by Phrack Staff 8 K 5. Introduction to Telephony and PBX systems by Cavalier 100K 6. Project Loki: ICMP Tunneling by daemon9/alhambra 10 K 7. Project Hades: TCP weaknesses by daemon9 38 K 8. Introduction to CGI and CGI vulnerabilities by G. Gilliss 12 K 9. Content-Blind Cancelbot by Dr. Dimitri Vulis 40 K 10. A Steganography Improvement Proposal by cjm1 6 K 11. South Western Bell Lineman Work Codes by Icon 18 K 12. Introduction to the FedLine software system by Parmaster 19 K 13. Telephone Company Customer Applications by Voyager 38 K 14. Smashing The Stack For Fun And Profit by Aleph1 66 K 15. TCP port Stealth Scanning by Uriel 32 K 16. Phrack World News by Disorder 109K 575k ------------------------------------- "...There's MORE than maybes..." - Tom Regean (Gabriel Bryne) "Miller's Crossing" [ Obviously referring to the blatent truism that Phrack IS back ] "...Fuckin' Cops..." - Verbal Kint/Keyser Soze (Kevin Spacey) "The Usual Suspects" [ Not sure what was meant by that.. ] "Got more funky styles than my Laserjet got fonts" - 311/Grassroots "Omaha Stylee" [ That would be referring to us, of course ] EOF - -- [ route@infonexus.com ] Editor, Phrack Magazine / Member, Guild Corporation ...check out the nametag.. you're in MY world now grandma... -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMoP+pgtXkSokWGapAQFpqgQAgDEjwg7Q9TDbTQHzECneOc4FHK4QNAkb pynBsLq21gzhzzGDxLDveKv4lEJBPxqGnE1Fex3hnqdsL46oXMjRECRHkmP8Lhqx +P1N7Xa+q50NKkvuh2vZFdTN3Jgihwf5AF+5ngrlVbeV945BCJ1K9mr4GAUGccQD KoAKHrOPKIw= =deJO -----END PGP SIGNATURE----- ------------------------------ Date: Thu, 15 Dec 1996 22:51:01 CST From: CuD Moderators <cudigest@sun.soci.niu.edu> Subject: File 6--Cu Digest Header Info (unchanged since 13 Dec, 1996) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send post with this in the "Subject:: line: SUBSCRIBE CU-DIGEST Send the message to: cu-digest-request@weber.ucsd.edu DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS. The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. To UNSUB, send a one-line message: UNSUB CU-DIGEST Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU (NOTE: The address you unsub must correspond to your From: line) Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (860)-585-9638. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown) In ITALY: ZERO! BBS: +39-11-6507540 In LUXEMBOURG: ComNet BBS: +352-466893 UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/CuD ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) The most recent issues of CuD can be obtained from the Cu Digest WWW site at: URL: http://www.soci.niu.edu/~cudigest/ COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #9.01 ************************************