Computer underground Digest    Sun  Apr 20, 1997   Volume 9 : Issue 31
                           ISSN  1004-042X

       Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
       News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
       Archivist: Brendan Kehoe
       Shadow Master: Stanton McCandlish
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Field Agent Extraordinaire:   David Smith
       Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #9.31 (Sun, Apr 20, 1997)

File 1--XT clone for donation or sale (Sun Devil Redux)
File 2--ACLU Cyber-Liberties Update
File 3--Technology and Society (from NETFUTURE #45)
File 4--Texas ISPs Targed in Secessionist Case
File 5--Crack DES Challenge
File 6--(Fwd) A listserv joke
File 7--Family-Friendly Internet Access Act of 1997
File 8--Cu Digest Header Info (unchanged since 13 Apr, 1997)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date: Thu, 10 Apr 1997 09:18:48 -0500 (CDT)
From: Bob Izenberg <bei@austin.sig.net>
Subject: File 1--XT clone for donation or sale (Sun Devil Redux)

((MODERATORS' NOTE: Back in the dark days of early 1990, when
the US Secret Service "discovered" TGHM (The Great Hacker Menace),
Bob Izenberg was one of the system administrators caught up
in the Kafkaesque nightmare of legal limbo. He was never
arrested, indicted, or accused of wrong-doing, but his
computer equipment was seized and prosecutors left him
limbo for years. In part, it seemed that, like Dr Ripco and
some others, the feds weren't sure what to do with him,
and personnel changes amongts the feds added to the confusion
on both sides. Finally, somebody in the USSS figured out that
maybe, just maybe, somebody should close the case and return
his equipment.
For a summary of what all the fuss was about back in 1990,
go out and buy Bruce Sterling's THE HACKER CRACKDOWN,
which remains the best source of information for the period)).

	The United States Secret Service has returned to me the PC-XT
clone system seized at my residence in February of 1990.  It still
works, which surprised me, but of course its disk had been wiped.
It wasn't bad for an XT by the standards of the day:  2Mb EEMS
memory card, Perstor disk controller, full-height 70Mb MFM fixed
disk, NEC V20 processor.  Today, of course, it's a doorstop.
Anyway, as Ron Roberts and many other taxpayers graciously paid
for its storage for all these years, it's the least that I can do
to give it away to a worthy cause.  Or even an un-worthy cause,
just to get it out from under the desk.  No, it won't run Windows
95 or any software written in at least the last five years.  No
warranty is offered, other than an assurance that seven years
stored next to the Ark of the Covenant in Illinois hasn't damaged
(or improved) it one bit.  First come, first served, and you pay
the shipping.  After May 1st, it's history if nobody's claimed it.

Bob
--
 ================  "We make the Internet work."  ================
   bob izenberg                          phone: +1 512 306-0700
   sig.net network operations                       bei@sig.net

------------------------------

Date: Wed, 16 Apr 1997 20:19:36 GMT
From: "ACLU Cyber-Liberties Update Owner"@newmedium.com
Subject: File 2--ACLU Cyber-Liberties Update

                        ACLU Cyber-Liberties Update
                        Wednesday, April 16, 1997

* Act Now to Restore Telephone Privacy - Fax Congress

The FBI is using a 1994 law (CALEA, or the "Communications Assistance to
Law Enforcement Act") to force telecommunications companies to change
their equipment and facilities to weaken privacy protection and provide
enhanced wiretap access for government agents. In 1994, Congress
authorized a half-billion dollars to pay for changes in old technology
but blocked actual funding until last year when Congress both set up a
special "slush fund" using excess funds from intelligence and law
enforcement agencies and said the FBI could spend part of the money
authorized in 1994. But Congress prohibited spending any money until the
FBI submitted an implementation plan approved by Congress.

The annual appropriations process gives us yet another chance to tell
Congress not to allow this unprecedented attack on our privacy. Let your
own representative and senators know that you want them to oppose funding
this attack on your telephone privacy.

Use the ACLU web site action fax page to send a fax to your members of
Congress telling them not to fund CALEA! The free web-to-fax gateway will
allow you to look up your representatives on Capitol Hill and send faxes
right to their offices. It can be found at:

http://www.aclu.org/action/calea_act.html

   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* Privacy Risks Shut Down Government Web site

The Social Security Administration recently announced that it had shut
down an Internet site that supplied information about people's personal
income and retirement benefits because of concerns that it might violate
privacy rights, the New York Times reports.

Thousands of people have obtained such data on the World Wide Web by
requesting "personal earnings and benefit estimate statements."  A
computer user seeking the information need only  supply a name, address,
telephone number, place of birth, social security number and mother's
maiden name.  Experts on computer and privacy law expressed concern that
such safeguards were not enough to keep people from obtaining
confidential electronic data about others.

"It remains unclear exactly where SSA officials were trying to go with
this program, but in any case they ran over the privacy of 140 million
Americans to get there,"said Don Haines, legislative counsel on privacy
and cyberspace issues for the Washington national office of the American
Civil Liberties Union.

"We appreciate that the agency was trying to expand access to public
information, but in doing so, it made the information a little too
public.  Without providing appropriate safeguards, the agency had no way
of insuring that private information was only available to those entitled
to have access."

Haines said that with confidential information open to ex-spouses,
landlords, employers, co workers, intrusive neighbors and credit
agencies, the potential for abuse was enormous. The ACLU is working with
members of Congress on legislation to correct the problem.

Acting Commissioner of Social Security John J. Callahan said the agency
would hold public forums around the country in the next 60 days to hear
from beneficiaries and experts on privacy and computer security.

This is just the most recent case of problems with the privacy of records
held by the Social Security Administration. Almost exactly a year ago, in
what computer experts said might be one of the biggest breaches of
security of personal data held by the Federal government, Federal
prosecutors in New York  revealed that several employees of the Social
Security Administration passed information on more than 11,000 people to
a credit-card fraud ring.  That information, the prosecutors said in
court papers, included social security numbers and mothers' maiden names,
and allowed the ring to activate cards stolen from the mail and run up
huge bills at merchants ranging from J&R Music world to Bergdorf Goodman.



 The Internet address of the Social Security Administration is
http://www.ssa.gov.  General information about Social Security programs
is still available there.



  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* Witnesses testify in New York State Cyber-censorship case. Oral
Arguments scheduled for April 22.


	In hearings last week, witnesses representing an online arts group,a
library, a gay issues forum and the American Civil Liberties Union  all
testified that a New York statute barring "indecency" on the Internet
could  subject them to criminal prosecution.

       Their testimony on Monday April 7 concluded three days of
courtroom hearings before Judge Loretta A. Preska in  ALA v. Pataki, the
challenge to New York`s Internet censorship law brought by the American
Civil Liberties Union, the New York Civil Liberties Union, the American
Library Association, and others.

       The groups argue that the law, which imposes criminal sanctions of
up to four years in jail for  communicating so-called "indecency" to a
minor, would reduce all speech on the Internet to a level suitable  for a
six-year-old. The ACLU successfully challenged a similar federal law in
Reno v. ACLU, currently under review by the Supreme Court.

       "We think we were able to demonstrate the disastrous effect the
New York law -- like the federal CDA --  would have on individual
speakers and non-profit groups who communicate on the Internet both
within and outside the state of New York," said Ann Beeson, an ACLU
national staff attorney who conducted direct  examination of several
plaintiff witnesses. "A long line of well-established Supreme Court
decisions  demonstrate that government cannot ban protected speech for
adults in the name of shielding children."

	Beeson is profiled in this week`s New York Magazine, in an article that
raises, and answers in the affirmative, the question "Could it be that
New York`s redundant, unconstitutional Internet-indecency law is more
useful for scoring political points for protecting children?"

	Judge Preska has scheduled oral arguments in the case for April 22.
Argument will begin at 2:00pm in room 12A at 500 Pearl Street, New York
City.
	
	Full information on the New York Internet censorship case, including
links to transcripts, can be found at
http://www.aclu.org/news/nycdahome.html

  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


ACLU Cyber-Liberties Update Editor:
Lisa Kamm (kamml@aclu.org)
American Civil Liberties Union National Office
132 West 43rd Street
New York, New York 10036

To subscribe to the ACLU Cyber-Liberties Update, send a message
to majordomo@aclu.org with "subscribe Cyber-Liberties" in the
body of your message. To terminate your subscription, send a
message to majordomo@aclu.org with "unsubscribe Cyber-Liberties"
in the body.

The Cyber-Liberties Update is archived at
http://www.aclu.org/issues/cyber/updates.html

For general information about the ACLU, write to info@aclu.org.
PGP keys can be found at http://www.aclu.org/about/pgpkeys.html

------------------------------

Date: Wed, 9 Apr 1997 17:19:23 -0400
From: Steve Talbott <stevet@ora.com>
Subject: File 3--Technology and Society (from NETFUTURE #45)

((MODERATORS' NOTE: We came across NETFUTURE and were impressed
by it. Here's a sample of the articles that Steve Talbott, the
editor, runs. This E-Zine is worth taking a look it!))

                          +++++++++++++

                   Technology and Human Responsibility

 ------------------------------------------------------------------
Issue #45      Copyright 1997 Bridge Communications          April 9, 1997
 -----------------------------------------------------------------
Opinions expressed here belong to the authors, not Bridge Communications.

                       Editor:  Stephen L. Talbott

 NETFUTURE on the Web:  http://www.ora.com/people/staff/stevet/netfuture/
    You may redistribute this newsletter for noncommercial purposes.


From Steve Talbott <stevet@ora.com>

            The evidence of our hollowing out as human beings
                        is staring us in the face.

                             Is anyone home?

These days no article about technology and society seems complete without
at least one reference to the accelerating pace of change.  But, despite
their ubiquity, a number of these references have particularly jumped out
at me in recent weeks.  Here are a few examples:

*   An article about Cisco in the *Boston Globe* described that company's
    current, top-of-the-line router, the model 7500, which sells for some
    $100,000 "fully loaded," and routes a million packets per second.
    "For a while," the article noted, "that capacity set the industry
    standard.  But within months of the 7500's release in 1996, some Cisco
    customers were describing the machine as `long in the tooth' and
    `dinky.'"

*   The *EE Times* carried a piece about a new generation of fast Internet
    protocols.  A high-tech executive is quoted as saying, "This is not a
    little, incremental shift.  It's a major disruption of everything
    that's going on in the industry."

*   Princeton University vice president, Ira Fuchs, on Internet II:  "It's
    not as simple as `You change the backbone and all will be well.'  For
    individual users to take full advantage of the change in the
    infrastructure, you'll have to change everything."  Also, "the
    technology is advancing so rapidly that by the time the computer you
    originally asked for is finally delivered, you don't want that
    computer any more."

*   From *Publisher's Weekly*:  Database vendors serving libraries "have
    become frustrated with the number of new platforms they have to
    support.  It cost one company $2 million to convert its databases to
    SGML for CD-ROM.  Then the Web and HTML came along, costing $100,000
    more for conversion, and now they must ready themselves for Java."

*   The *Economist*:  A venture capitalist who sits on the boards of
    several small Internet companies says that "`a major strategic
    decision' is taken at virtually every meeting.  This nimbleness is
    prompted by fear.  The technology market changes so quickly that any
    company which fails to adjust will get pushed out."  The magazine goes
    on to report that "age and experience, which elsewhere get people
    promoted, are no help in [Silicon] valley; on the contrary, there is a
    distinct bias in favor of youth.  Nowadays the average software-
    engineering qualification becomes obsolete in around five years, so a
    student fresh out of college may be more valuable to a company than a
    40-year-old.  Many of the new Internet firms are headed by people in
    their mid-20s."

Here closer to home, I find that my text-only Lynx browser is rapidly
becoming a cripple on today's Web.  Many sites now require frame support,
which my browser does not have.  Other sites, such as MSNBC, immediately
hang the window in which I'm working; Lynx compatibility is simply not
something Web site managers worry about.  Apparently, as a sixteen-year
veteran of the Net who would rather not spend his time downloading cutesy
graphics, I've gotten myself a little behind the curve.  I might as well
be a dinosaur.

The browser problem illustrates, I think, one striking fact about many Web
sites:  they are content providers for whom content scarcely matters.
They do not begin with something important to say, and then seek the most
effective vehicle for saying it.  Rather, they are enamored of the vehicle
(latest model only!) and are looking for something to say with it.  Not
surprisingly, the result is a lot of pandering.  The message is there only
to serve alien purposes.

This is no eccentric reading of my own.  It is the explicit acknowledgment
of an entire industry that begins by producing and playing with whatever
is technically feasible, and then hopes for a "killer app" to fasten the
technical innovations upon the body social.  Here, too, some recent news
reports have leapt out at me:

*   Speaking of the high-tech transformation of the U.S. military, the
    *Economist* writes:  "This embryonic revolution, unlike the
    development of nuclear weapons, has not emerged in response to any
    particular threat to the United States or its allies.  It has come
    about because it is there -- that is, because generals want to play
    with new technologies in case a future threat emerges."

*   *Internet World* tells corporate executives they must embrace
    intranets for no other reason than that they are happening.  "You can
    catch the Intranet wave and ride it or let your firm and your LAN be
    overwhelmed by the tides of change."  The argument?  None seems to be
    necessary.  It's enough that intranets are *there*, and are deemed to
    represent a technical advance.  "By now, you've gathered that
    intranets can be pricey and, in some ways, hard to manage.  Are they
    worth it?  The answer is yes.  The future clearly belongs to the
    intranet model.  Proprietary LANs ... have run their course.  The
    future belongs to intranets, where getting information anywhere and
    anytime is possible for your users."

*   And the *Economist* again:  "By 2000 customers will have shelled out a
    total of $200 billion on networking software and related equipment;
    but most forecasts for revenues from Internet-related activities, such
    as advertising on websites, are no more than $35 billion -- hardly a
    quick return."

If you build the technology, a killer app will eventually come -- such is
the reigning faith.  Of course, as long as the rest of us are willing to
go along with this backward game, chasing after the latest gadgetry
regardless of need, it works quite well.  Out of this willingness, the
technological "necessity" that so many perceive in these matters is born.

It's a strange infatuation that has a mature society hitching itself with
uncritical enthusiasm to whatever happens to issue from the endless rows
of cubicles where programmers -- often college students -- exercise their
technically constrained and hopelessly uneducated imaginations.  The
cubicles themselves, I suppose, are a pretty good image of the inevitable
result.  We always mirror our inner worlds in the outer.


The Loss of Purpose
   -------------------

So, what is going on here?

Technical innovation -- the devising of new tools -- is surely a desirable
activity.  But unless there is a balance between our fascination with
tools and our concern for the ends they may help us achieve, the tool
becomes tyrannical.  What stares us in the face today is the startling
fact that, not only has the balance been upset, but one of its terms has
virtually disappeared.  Technological innovation now proceeds for its own
sake, driven by its own logic, without reference to human need.  We are a
society obsessed with new tools, but incapable of asking in any serious
way, "what are we developing these tools *for*?"

It's rather as if a musician became so enamored of new instruments capable
of generating novel sounds that he lost all interest in seeking the kind
of disciplined musical inspiration that makes his art finally worthwhile.

What I'm talking about here -- and what the preceding quotations testify
to -- is a reversal of ends and means.  I previously (NF #39 and NF #40)
tried to show what this reversal looks like within the individual company,
where the pursuit of worthwhile ends under the discipline of economics
eventually gets twisted around to a pursuit of profits as an end in
themselves.  Now, however, I'm talking about society as a whole, driven as
it increasingly is by the high-tech industry.

A society obsessed by tools and technology without a balancing focus upon
ends is a society whose members are being hollowed out.  It is, after all,
in establishing and pursuing higher values -- something we can only do
from within ourselves -- that we assert our humanity.  Otherwise, we
merely react, machine-like, without internal compass.  That is, we become
like the programmed machines to which we devote so much of our energy.

I for one would not want to quarrel with those who recognize a certain
necessity in the one-sided tool focus of the past few hundred years.  Nor
would I want to insist that the U.S. military cease pushing its technical
capabilities to the practical limit.  And surely there is in any case
little likelihood that the foreseeable future will bring a significant
slowing of the overall, furious extension of the technical reach of our
tools.

What this means is that everything hinges upon our ability to
counterbalance the prevailing technical mania with a strengthened inner
compass.  We must, wherever possible, be all the more forceful in asking,
What is this tool *for* -- how does it relate to the deepest needs and
yearnings of the human being?  The stronger the tendency of the high-
tech/commercial matrix to drive itself forward in terms of its own
inherent logic, the more we must appeal to needs, values, and human ends
in order to reign in and guide this logic.

In making this effort we can hardly be satisfied with the hollow
platitudes of those who would sell us an endless array of new gadgets.
Our pressing need is *not* for more information, or faster access to
information, or more connectivity.  Our decisive problems arise -- as many
others have noted -- from the lack of meaningful, value-centered contexts
to which new information can be assimilated, and from those connections to
other people we already have, but do not know how to deepen and make
healthy.  Adding new information and additional connections where these
fundamental problems have not been solved only carries us further from
ourselves and each other.

Yet within the high-tech industry itself the platitudes have a certain
validity.  Any company that does not develop new technology fast enough --
human needs and purposes be damned -- will not likely survive for long.
This industry, in other words, has itself become machine-like, hollowed
out, lacking all evidence of the guiding human interior.  Its employees
and owners and investors sleepwalk through their working lives, bringing
full consciousness only to the technical dimensions of their jobs.  And we
who buy their products in a similar trance contribute our fair share to
the undermining of society.

Do not underestimate the potential evils of a society that worships every
new tool in forgetfulness of its own inner purposes through which alone
the tools can be justified.  Hollow men and women, whether educated or
not, whether technically competent or not, can never sustain a healthy
society, and are capable of unimagined monstrosities.

Eventually we will have to recognize the symptoms of our hollowness in
unexpected places.  For example, in the burgeoning commercialized sex
industry, where external presentations (now greatly aide by technology)
substitute for profound connection between human beings.  Or in the
deranged excesses at the fringes of the fast-growing New Age movements,
where the meaning so conspicuously absent from the social mainstream is
sought in borderline experiences -- and even, as with the Heaven's Gate
community, in death.  Or in the outrages committed against man and nature
by commercially driven biotechnologists.  Or in the politics of appearance
without principle.  Or in the fragmentation of society, with the economic
disfranchisement of large groups.

Our only escape from the tyranny of the tool as an end in itself lies in
our becoming *more* than our tools.  Only we ourselves can supply the
ends, and we can do so only by waking up to our own inner resources.  The
prevailing notion that the logic of high-tech development will itself
guide society into a better future amounts to an abdication of our
humanity.  After all, a society with abundant technical means and no
governing values and purposes can only become a hellish and dangerous
place.  On the other hand, a society struggling toward its own governing
values is a society on its way toward healing.

Which is it?  Personally, I see little basis for optimism.  But it may
well be that I've just been leafing through too many trade rags lately.

  ------------------------------------------------------------
*** About this newsletter (29 lines)

NETFUTURE is a newsletter concerning technology and human responsibility.
Publication occurs roughly once per week.  Editor of the newsletter is
Steve Talbott, a senior editor at O'Reilly & Associates.  Where rights are
not explicitly reserved, you may redistribute this newsletter for
noncommercial purposes.

Current and past issues of NETFUTURE are available on the Web:

    http://www.ora.com/people/staff/stevet/netfuture/

To subscribe to NETFUTURE, send an email message like this:

    To: listproc@online.ora.com

    subscribe netfuture yourfirstname yourlastname

No Subject line is needed.  To unsubscribe, the second line shown above
should read instead:

    unsubscribe netfuture

To submit material to the editor for publication in the forum, place the
material in an email message and address it to:

    netfuture@online.ora.com

Send general inquiries to netfuture-owner@online.ora.com.

------------------------------

Date: Tue, 15 Apr 1997 10:02:45 EDT
From: Martin Kaminer <iguana@MIT.EDU>
Subject: File 4--Texas ISPs Targed in Secessionist Case

Date--Sat, 12 Apr 1997 11:10:22 -0500
From--FringeWare News Network <email@Fringeware.COM>

Sent from: Jon Lebkowsky <jonl@onr.com>

[ mod's note: ROT information can be found at
http://www.flash.net/~robertk/
]

Texas ISPs Targeted in Secessionist Case
by Ashley Craddock

5:55pm  11.Apr.97.PDT

Saying the Texas attorney general is violating the electronic privacy
rights of their subscribers, two Lone Star Internet service providers
have refused to turn over information about members of a secessionist
movement who use their services.

The movement, known as the Republic of Texas, holds that Congress' 1845
annexation of the independent state was illegal and that only a citizen
vote can legalize its status as part of the Union. Charging everyone
>from Governor George Bush Jr. to private citizens with the illegal
seizure of property, the Republic has flooded state courts with liens
that have been declared illegal.

In a counterattack, Attorney General Dan Morales - of what the movement
calls "the de facto state of Texas" - on 2 April served subpoenas on 10
ISPs who do business with the members of the group that state officials
seem to delight in calling ROT.

The subpoenas demand copies of all members' email, login and user IDs,
subscriber applications, and billing information - including credit
card and checking-account numbers. The court order was filed as part of
a civil case, Morales v. Van Kirk et al., that the attorney general
brought last June to stop the movement from posing as a government
entity and clogging the courts with liens.

Eight of the ISPs have agreed to comply with the subpoenas. Two others,
Internet Texoma Inc.  and the Overland Network, have refused. Both say
the subpoenas violate a portion of the federal Electronic
Communications Privacy Act stipulating that the information sought must
be "relevant and material to an ongoing criminal investigation."

In a Friday letter to the attorney general, W. Scott McCollough, the
Texas Internet Service Providers Association attorney representing both
ISPs, stated that the subpoenas "do not overcome our ... federal
obligations."

"This is a civil, not a criminal case," McCollough said. "Plus, the
AG's office hasn't gone through due process in requesting the
information. They didn't serve us with a search warrant. And if my
clients turned over the information without a warrant, there's always
the possibility that these people could sue us. I don't know if they
would since they don't acknowledge the court system, but they could."

Attorney general's spokesman Ward Tisdale said on Friday that since the
"Republic of Texas folks do most of their communication over the
Internet, we're simply taking the reasonable steps to gather all the
information we need in the course of our investigation."

Responding to McCollough's letter, the attorney general's office took a
slightly different tack in an effort to skirt the issue of the federal
privacy law. It called off the subpoenas and told McCollough it will
file a civil investigative demand, a less-stringent request for
material relevant to ongoing litigation.

------------------------------

Date: Thu, 10 Apr 1997 10:41:58 -0500 (CDT)
From: "Robert A. Hayden" <hayden@krypton.mankato.msus.edu>
Subject: File 5--Crack DES Challenge

I'm just forwarding along.  Check out the web page towards the end for all
the relevant software and such.

- --

                            FOR IMMEDIATE RELEASE:

                      DESCHALL Group Searches for DES Key

   Sets out to prove that one of the world's most popular encryption
   algorithms is no longer secure.

   COLUMBUS, OH (April 9, 1997). In answer to RSA Data Security, Inc.'s
   "Secret Key Challenge," a group of students, hobbyists, and
   professionals of all varieties is looking for a needle in a haystack
   2.5 miles wide and 1 mile high. The "needle" is the cryptographic key
   used to encrypt a given message, and the "haystack" is the huge pile
   of possible keys: 72,057,594,037,927,936 (that's over 72 quadrillion)
   of them.

   The point? To prove that the DES algorithm -- which is widely used in
   the financial community and elsewhere -- is not strong enough to
   provide protection from attackers. We believe that computing
   technology is sufficiently advanced that a "brute-force" search for
   such a key is feasible using only the spare cycles of general purpose
   computing equipment, and as a result, unless much larger "keys" are
   used, the security provided by cryptosystems is minimal. Conceptually,
   a cryptographic key bears many similarities to the key of a typical
   lock. A long key has more possible combinations of notches than a
   short key. With a very short key, it might even be feasible to try
   every possible combination of notches in order to find a key that
   matches a given lock. In a cryptographic system, keys are measured in
   length of bits, rather than notches, but the principle is the same:
   unless a long enough key is used, computers can be used to figure out
   every possible combination until the correct one is found.

   In an electronic world, cryptography is how both individuals and
   organizations keep things that need to be private from becoming public
   knowledge. Whether it's a private conversation or an electronic funds
   transfer between two financial institutions, cryptography is what
   keeps the details of the data exchange private. It has often been
   openly suggested that the US Government's DES (Data Encryption
   Standard) algorithm's 56-bit key size is insufficient for protecting
   information from either a funded attack, or a large-scale coordinated
   attack, where large numbers of computers are used to figure out the
   text of the message by brute force in their idle time: that is, trying
   every possible combination.

   Success in finding the correct key will prove that DES is not strong
   enough to provide any real level of security, and win the first person
   to report the correct solution to RSA $10,000.

   Many more participants are sought in order to speed up the search. The
   free client software (available for nearly every popular computer
   type, with more on the way) is available through the web site. One
   simply needs to follow the download instructions to obtain a copy of
   the software. Once this has been done, the client simply needs to be
   started, and allowed to run in the background. During unused cycles,
   the computer will work its way through the DES keyspace, until some
   computer cooperating in the effort finds the answer.

   If you can participate yourself, we urge you to do so. In any case,
   please make those you know aware of our effort, so that they might be
   able to participate. Every little bit helps, and we need all the
   clients we can get to help us quickly provide an answer to RSA's
   challenge.

Contact Information

     * Media Contact
       Matt Curtin +1 908 431 5300 x295
       <cmcurtin@research.megasoft.com>
     * Alternate Contact
       Rocke Verser, Contract Programmer, +1 970 663 5629
       <rcv@dopey.verser.frii.com>
     * Web Site
       http://www.frii.com/~rcv/deschall.htm
     * Mailing List
       deschall@gatekeeper.megasoft.com
       To subscribe, send the text subscribe deschall to
       <majordomo@gatekeeper.megasoft.com> and you'll be emailed
       instructions.
     * RSA Data Security Secret Key Challenge '97 Site
       http://www.rsa.com/rsalabs/97challenge/

------------------------------

Date: Thu, 17 Apr 1997 09:43:14 -0500
From: "Julia N. Visor" <jnvisor@RS6000.CMP.ILSTU.EDU
Subject: File 6--(Fwd) A listserv joke

 Q:  How many internet mail list subscribers does it take
     to change a light bulb?


 A:  1,331:
         1 to change the light bulb and to post to the mail
           list that the light bulb has been changed
        14 to share similar experiences of changing light
           bulbs and how the light bulb could have been
           changed differently.
         7 to caution about the dangers of changing light bulbs.
        27 to point out spelling/grammar errors in posts about
           changing light bulbs.
        53 to flame the spell checkers
       156 to write to the list administrator complaining about
           the light bulb discussion and its inappropriateness
           to this mail list.
        41 to correct spelling in the spelling/grammar flames.
       109 to post that this list is not about light bulbs and
           to please take this email exchange to alt.lite.bulb
       203 to demand that cross posting to alt.grammar,
           alt.spelling and alt.punctuation about changing
           light bulbs be stopped.
       111 to defend the posting to this list saying that we
           all use light bulbs and therefore the posts
           **are** relevant to this mail list.
       306 to debate which method of changing light
           bulbs is superior, where to buy the best light bulbs,
           what brand of light bulbs work best for this
           technique, and what brands are faulty.
        27 to post URLs where one can see examples of
           different light bulbs
        14 to post that the URLs were posted incorrectly, and
           to post corrected URLs.
         3 to post about links they found from the URLs that
           are relevant to this list which makes light bulbs
           relevant to this list.
        33 to concatenate all posts to date, then quote
           them including all headers and footers, and then
           add "Me Too."
        12 to post to the list that they are unsubscribing
           because they cannot handle the light bulb
           controversey.
        19 to quote the "Me Too's" to say, "Me Three."
         4 to suggest that posters request the light bulb FAQ.
         1 to propose new alt.change.lite.bulb newsgroup.
        47 to say this is just what alt.physic.cold_fusion
           was meant for, leave it here.
       143 votes for alt.lite.bulb.

------------------------------

Date: Sat, 12 Apr 1997 02:50:49 -0400
From: "Robert A. Costner" <pooh@efga.org>
Subject: File 7--Family-Friendly Internet Access Act of 1997

Source -  fight-censorship@vorlon.mit.edu

On March 20th, a national bill similar to the Texas law was introduced.
The substantial part of the law is as follows:

   ------------------------------------

http://thomas.loc.gov/cgi-bin/query/z?c105:H.R.1180:

(d) OBLIGATIONS OF INTERNET ACCESS PROVIDERS- An Internet access provider
shall, at the time of entering an agreement with a customer for the
provision of Internet access services, offer such customer screening
software that is designed to permit the customer to limit access to
material that is unsuitable for children. Such software shall be provided
either at no charge or for a fee that does not exceed the cost of such
software to such provider.

     ------------------------------------

The above amendment to 47 USC 230 uses language that indicates an ISP is
not a common carrier (see the link for definitions).  Unlike the Texas law,
this applies to all providers, not just the for pay providers.  Also unlike
the Texas law, the amendment provides  for what is to be blocked - material
that is unsuitable for children.  Unlike the Texas law, this does not
provide an exclusion for the ISP if the blocking software does not work
properly.

The term "limit access to material" would be up for debate, but I assume
that a partial reduction in improper material would be fine.   However, I
assume that there is a requirement to block all areas, not just web sites.

If this law has a prayer of passing, I'd prefer to see the Texas version
instead.

------------------------------

Date: Thu, 15 Dec 1996 22:51:01 CST
From: CuD Moderators <cudigest@sun.soci.niu.edu>
Subject: File 8--Cu Digest Header Info (unchanged since 13 Apr, 1997)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send post with this in the "Subject:: line:

     SUBSCRIBE CU-DIGEST
Send the message to:   cu-digest-request@weber.ucsd.edu

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at:  Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message:   UNSUB CU-DIGEST
Send it to  CU-DIGEST-REQUEST@WEBER.UCSD.EDU
(NOTE: The address you unsub must correspond to your From: line)

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on  internet);
and on Rune Stone BBS (IIRGWHQ) (860)-585-9638.
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.

         In ITALY: ZERO! BBS: +39-11-6507540
         In LUXEMBOURG: ComNet BBS:  +352-466893

  UNITED STATES: ftp.etext.org (206.252.8.100) in /pub/CuD/CuD
    Web-accessible from: http://www.etext.org/CuD/CuD/
                  ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
                  aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
                  world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
                  wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
  EUROPE:         nic.funet.fi in pub/doc/CuD/CuD/ (Finland)
                  ftp.warwick.ac.uk in pub/cud/ (United Kingdom)


The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
  URL: http://www.soci.niu.edu/~cudigest/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may  be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission.  It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified.  Readers are encouraged to submit reasoned articles
relating to computer culture and communication.  Articles are
preferred to short responses.  Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Digest contributors assume all
            responsibility for ensuring that articles submitted do not
            violate copyright protections.

------------------------------

End of Computer Underground Digest #9.31
************************************