Computer underground Digest Sun Sep 22, 1996 Volume 8 : Issue 67 ISSN 1004-042X Editor: Jim Thomas (cudigest@sun.soci.niu.edu) News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu) Archivist: Brendan Kehoe Shadow Master: Stanton McCandlish Field Agent Extraordinaire: David Smith Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Cu Digest Homepage: http://www.soci.niu.edu/~cudigest CONTENTS, #8.67 (Sun, Sep 22, 1996) File 1--Hackers on Net and BBC-ISP's "morality button," from FinTimes File 2--More on hackers and CIA web page File 3--official statement from Lexis-Nexis about P-Trak (fwd) File 4--Tim O'Reilly Comments in Re DOJ's Investigation of Microsoft File 5--Condat denies the Crypt Newsletter's editor accusations File 6--CERT Advisory CA-96.20 - Sendmail Vulnerabilities (fwd) File 7--Cu Digest Header Info (unchanged since 7 Apr, 1996) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION ApPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. --------------------------------------------------------------------- Date: Fri, 20 Sep 1996 22:36:11 -0500 (CDT) From: Declan McCullagh Subject: File 1--Hackers on Net and BBC-ISP's "morality button," from FinTimes Financial Times Concern at attacks by hackers on Internet sites Wednesday September 18 1996 By Louise Kehoe in San Francisco A rash of hacker attacks on commercial Internet sites - including one in which the services of Panix, a New York-based Internet access provider, were seriously disrupted - has raised new concerns about the security and reliability of the worldwide computer network. In these "denial of service" attacks, hackers have flooded Internet sites with false requests for information sent from fake addresses, tying up the computers and preventing access by legitimate users. In addition to the Panix attack, at least one large information technology company, which declined to be identified, has suffered a similar attack. Attacks have been "isolated incidents", said Mr Pete Solvik, vice-president of information systems at Cisco Systems, the leading manufacturer of routing equipment for the Internet. The company, however, is concerned that the problem could spread, disrupting Internet service for millions of users and effectively closing down large commercial sites on the Internet. With many banks and retailers now planning Internet services, the potential for financial losses as a result of such attacks is rising. Disruption of Internet service can also be a serious problem for the tens of thousands of businesses that now rely on electronic mail and sites on the World Wide Web to communicate with their partners and [...] The Federal Bureau of Investigation's New York Computer Investigations Threat Assessment Center is understood to be investigating the attack on Panix. Computer Emergency Response Teams, a US organisation that collates information about security and technical problems on the Internet, are looking into the incident. ### Financial Times BBC to enter Internet market Thursday September 19 1996 By Alan Cane and Raymond Snoddy in London The BBC plans to launch a service on the Internet which could promote greater acceptance of the global computer network in the same way that the BBC Computer popularised computing in the 1980s. Contracts have been signed between BBC Worldwide, the public broadcaster's commercial arm, and the multimedia division of ICL, the UK computer group owned by Fujitsu of Japan, to design and run the service. BBC Worldwide will announce the service within the next two weeks. It will feature news, weather and travel information as well as educational and entertainment material. It is expected to go live in the early part of 1997. [...] The main selling points will be speed - compared with the frequent delays experienced by users - and ease of use. There will also be a "morality button" to reassure parents who might fear their children could use the service to view pornography and other unsuitable material available on the Internet. ICL declined to comment last night. ------------------------------ From: Declan McCullagh To: fight-censorship@vorlon.mit.edu Subject: File 2--More on hackers and CIA web page The web pages are at: http://titus.is.co.za/mikev/cia_hack/ http://www.skeeve.net/cia/ Looks like the hackers tipped off CNN, which has been running video clips. Reuters also picked this up. -Declan ********* HACKERS VANDALIZE CIA HOME PAGE No security breach of private files, agency says September 19, 1996 Web posted at: 10:00 a.m. EDT (1400 GMT) By Wayne B. Drash and Jim B. Morris ATLANTA (CNN) -- Hackers broke into the CIA's World Wide Web home page (http://www.odci.gov/cia/) Thursday morning, altered it, added obscenities and changed the agency's name on the page to the "Central Stupidity Agency." The CIA, which took down the site shortly after 7:30 a.m. EDT, said the hackers did not gain access to the agency's private files. "This (the publicly available CIA Web site) is on an entirely different circuit from everyone else at the CIA," agency spokesman Rick Oborn He said the CIA did not know who was responsible for the hacking or when the page would be restored. "A team is being pulled together to assess how many layers (of the site) were affected and how we can get it back on line," Oborn said. Anonymous call An anonymous phone caller tipped CNN Interactive to the break-in, saying Swedish hackers were responsible. The phone call was received about 5:45 a.m. EDT. When asked what the hackers had done to the page, the man said, "I think you should just take a look at it." He then hung up without further comment. He did not leave his name or identify a specific group. ------------------------------ Date: Wed, 18 Sep 1996 21:21:14 -0400 (EDT) From: Noah Subject: File 3--official statement from Lexis-Nexis about P-Trak (fwd) From -Noah ---------- Forwarded message ---------- Date--Wed, 18 Sep 1996 21:21:14 -0400 (EDT) From--Maura Kearns Here's the real info on the Lexis thing: This statement was issued today: -------- STATEMENT FROM LEXIS-NEXIS 9/18/96 Incorrect information is being distributed on Internet newsgroups regarding the data displayed in LEXIS-NEXIS' P-TRAK file. P-TRAK is like an electronic "white pages." The only information displayed is the name of the individual, current address and up to two previous addresses and telephone number. In some cases, the individual's maiden name may appear and as well as the month and year of birth. That is the ONLY information displayed in the P-TRAK file. Contrary to some messages that have been posted to some Internet discussion and news groups, the P-TRAK file DOES NOT contain any credit histories, bank account information, personal financial data, mother's maiden name or medical histories. This misinformation has been posted over and over again to various news groups. An example of a record appears below: Name: DOE, JOHN E Current Address: 1066 Anywhere Drive, Dayton, OH 95454 Previous Address: 106 Somewhere Drive, Dayton, OH 92454 Birthdate: 9/1965 Telephone Number: 555-1212 On File Since: 6/1/1994 The information displayed in the P-TRAK file is the type of information readily available from public information sources such as telephone directories (in print and CD-ROM format) and public records maintained by government agencies. LEXIS-NEXIS markets the P-TRAK file to the legal community for use by general legal practitioners, litigators and public attorneys, as well as law enforcement agencies and police departments. These professionals use the P-TRAK file to assist in locating litigants, witnesses, shareholders, debtors, heirs and beneficiaries. LEXIS-NEXIS is aware of the sensitivities regarding the potential misuse of information. Business competitors of LEXIS-NEXIS have for some time made Social Security numbers available to users of their services. In addition, Social Security Numbers and other information are available on the Internet from a number of sources. Despite this wide availability of Social Security numbers in the market place, LEXIS-NEXIS discontinued the display of Social Security numbers in the P-TRAK file as of June 11, 1996, eleven days after the product was introduced. Through its actions, LEXIS-NEXIS is balancing the privacy concerns of the public with the legitimate needs of legal, business and government professionals for access to accurate sources of publicly available information. By discontinuing the display of Social Security numbers in P-TRAK and only providing information that is already available to the public from other sources, LEXIS-NEXIS believes it has responsibly met the expressed concerns of the public. Individuals interested in having their names removed from the P-TRAK file can e-mail their full name and complete address to: p-trak@prod.lexis-nexis.com or mail this information to ATTN: P-TRAK, P. O. Box 933, Dayton, OH 45401. ------------------------------ Date: Thu, 19 Sep 1996 19:00:41 -0700 From: Ellen Elias Subject: File 4--Tim O'Reilly Comments in Re DOJ's Investigation of Microsoft For Immediate Release Further Information Contact Ellen Elias (707)829-0515 ext. 322 elias@ora.com STATEMENT OF TIM O'REILLY, PRESIDENT OF O'REILLY & ASSOCIATES, IN RESPONSE TO CONFIRMATION OF JUSTICE DEPARTMENT'S INVESTIGATION OF MICROSOFT September 19, 1996, Sebastopol, CA--Tim O'Reilly, upon learning of the confirmed investigation of Microsoft by the federal Department of Justice, called for Microsoft to cease its anti-competitive behavior. Mr. O'Reilly made the following comments: "I'm delighted to hear about the Department of Justice investigation. We don't know what they'll find, but we do know that Microsoft's recent practices have been bad for users, and they have demonstrated a pattern of anti-competitive behavior. The fact of this investigation will further alert people to Microsoft's activities. I believe in the marketplace, and think that there can be a healthy impact on the marketplace from the DOJ investigation. "Each time O'Reilly & Associates has brought a particular fact about Microsoft into the public eye, the response from Microsoft has been deceptive and confusing. In July, 1996, we complained publicly about their 10-connection limit on Windows NT Workstation. In response, Microsoft removed the 10-connection limit from the code, but then kept it in the user license. Further, Microsoft made extravagant claims that they were doing this for users: they claimed that NT Workstation was just not suitable as a Web server platform. That claim inspired our Senior Editor Andrew Schulman's investigation into the actual differences between NT Workstation and NT Server. He found that, indeed, at the core, they are not very different at all. "Microsoft doesn't need to win every battle to stifle innovation. As powerful as they are, they can determine the terms under which software development happens, and they can seriously limit important development by their anti-competitive behavior. Here's an example: when O'Reilly & Associates first developed and marketed WebSite(TM), Microsoft patted us on the back, because we were legitimizing NT as a Web server platform. But when Microsoft decided they wanted the Web server market for themselves, they used their restrictive NT 4.0 Workstation user license as a tool to frighten users against using any competitors' Web servers on that platform. Microsoft's actions have made it difficult for us, as well as all other server vendors, to compete. So what kind of industry does that create? "Netscape has claimed that many people have been afraid to speak in fear of retribution from Microsoft. Netscape has said that now, these people will feel free to speak publicly, and I think that should prove very enlightening. I hope the Department of Justice will vigorously pursue this investigation. I also hope the public will hold Microsoft to the same high standard of business practices to which our entire industry should adhere." ------------------------------ Date: Wed, 18 Sep 1996 15:12:31 +0100 From: Jean-Bernard Condat Subject: File 5--Condat denies the Crypt Newsletter's editor accusations This morning, I receive the Cu Digest #8.66 and carefully read the file 3 with a complete surprise. I never send any article related to computer viruses troubles during the US Army's Bosnian deployment plagiarizing the well-knowned Crypt Newsletter. After my publication of the Mark A. Ludwig's book "The Little Black Book of Computer Viruses" with Addison-Wesley France ("Naissance d'un virus" for the first volume and "Mutation d'un virus" for the second one), I have had a lot of problems: night & day phone calls, injures, public critics on French TV and/or magazines, etc. I stop the crazy rumors immediately. I don't writte any more computer virus' articles; I don't participate to any security events; I don't collaborate to any craking/phreaking/swapping actions. For example, I don't participate to the French 2600 meeting in Porte d'Italie in Paris last week. As my understanding, this previous email under my name was send to CuD editors from and unauthorized source. As some of you know, I have been having problems with the secret services in the past and I got into a large battle with was France Telecom -vs- Me. It is stupid to get into an argument with that kind of corporation, and a few words and threats were thrown, they locked all my phone accounts. I wrote a letter in response of that and they proceded to harass my company that put me immediately out. Also some lamers posted some hoax letters in the French news groups and whatever. They eventually decided to charge me and whatever, and to save me time outta the Paris courts and crap like that I made an apology for the threats, seeing that they could incriminate me. France Telecom has done wrong and I probably won't be seeing alot of apologies coming my way. If they didn't have certain info about me... they could have me very well laughing at them but that is not the case. At this time, I have some crazy guys that don't hesitate to put all the scripts of my TV shows (http://www.magic.be/InterieurNuit/SiteMars/Condat.html), or to put my picture (http://www.condat.de/condat/jean-b/). Yesterday, I lost my job of senior consultant in the Smart Card Business Unit of Informix because Mr. Tariq Krim of the ENST in Paris don't hesitate to call all my chiefs with some kind words on my life. In France, this type of action permit to put me out the company some seconds after. "Information wants to be free" is false. I have to many subjects to writte on that to plagiarized Crypt News will be a "sincerest form of flattery", like George Smith writte. But I prefer the unpolically correct French-style-approach, the savoir-vivre of Paris. Accept all my real excuses for all the French guy like Krim that prefer to crash my career for having the pleasure to be the best! I read Crypt News with pleasure and always respect the international copyright notices. Apologetically, \\\|/// | ~ ~ | (- 0 0 -) +--------------------.oOOo-(_)-oOOo.-------------------------+ | Jean-Bernard Condat | | 47 rue des rosiers, 93400 Saint-Ouen France | | Phone: +33 1 40100357, fax: 1 46963765, Itineris: 07238628 | | Email: condat@atelier.fr, PGP Key Id: C8F5D50D | | Oooo. | +--------------------.oooO-----( )--------------------------+ ( ) ) / \ ( (_/ \_) ------------------------------ Date: Wed, 18 Sep 1996 10:40:07 -0400 From: Noah Subject: File 6--CERT Advisory CA-96.20 - Sendmail Vulnerabilities (fwd) From -Noah ---------- Forwarded message ---------- Date--Wed, 18 Sep 1996 10:40:07 -0400 From--CERT Advisory -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= CERT(sm) Advisory CA-96.20 Original issue date: September 18, 1996 Last revised: -- Topic: Sendmail Vulnerabilities - ----------------------------------------------------------------------------- *** This advisory supersedes CA-95:05 *** The CERT Coordination Center has received reports of two security problems in sendmail that affect all versions up to and including 8.7.5. By exploiting the first of these vulnerabilities, users who have local accounts can gain access to the default user, which is often daemon. By exploiting the second vulnerability, any local user can gain root access. The CERT/CC team recommends installing vendor patches or upgrading to the current version of sendmail (8.7.6). Until you can do so, we urge you to apply the workaround provided in Sec. III.C. In all cases, be sure to take the extra precautions listed in Sec. III.D. For beta testers of sendmail 8.8: The vulnerabilities described in this advisory have been fixed in the beta version. We will update this advisory as we receive additional information. Please check advisory files regularly for updates that relate to your site. In addition, you can check ftp://info.cert.org/pub/latest_sw_versions/sendmail to identify the most current version of sendmail. - ----------------------------------------------------------------------------- I. Description There are two vulnerabilities in all versions of sendmail up to and including sendmail 8.7.5. The first vulnerability is a resource starvation problem and the second is a buffer overflow problem. Resource Starvation ------------------- When email is forwarded to a program using a .forward file or an :include: statement within a .forward or alias file, that program is executed as the owner of the .forward file or the file referenced by the :include: statement. Similarly, if email is forwarded to a file, that file is opened as the owner of the .forward file or the file referenced by the :include: statement. The file owner is called the "controlling user." If the message cannot be delivered immediately, the name of the controlling user is written into the queue file along with the other delivery information so that the appropriate permissions can be acquired when the mail queue is processed. Only the name of the controlling user is written in the queue file. This name is derived by calling the system routine getpwuid(3) on the user id of the file owner. If getpwuid fails, the sendmail default user (defined by the DefaultUser option in 8.7 and by the "u" and "g" options in older releases) is assumed. In some cases, the system can be forced into resource starvation, thus forcing getpwuid(3) to fail even though an entry exists in /etc/passwd corresponding to that uid. Since getpwuid has no way of portably returning an error meaning "resource failure" as distinct from "user id not found," sendmail has no way of distinguishing between these cases; it assumes that the uid is unknown and falls back to the default user. By starving sendmail of specific resources, sendmail will create files owned by the default user. Once created, these files can be used to access other files owned by the default user. In addition, these files owned by the default user can be used to leverage access to other privileged users on the system. Buffer Overflows ---------------- There are several buffer overflows present in sendmail version 8.7.5 and earlier. Some of the buffer overflows could result in local users gaining unauthorized root access. Significant work has been done on sendmail version 8.8 (now in beta test) to eliminate the problem, and the code changes originally planned for 8.8 have been backported to 8.7.6 to address these vulnerabilities. II. Impact Resource Starvation ------------------- Anyone with access to an account on the system can run programs or write files as the default user. The danger of compromising the default user depends primarily on the other files in your system owned by that user. For example, on many systems the line printer spool directory (e.g., /var/spool/lpd) is owned by daemon; because the line printer subsystem runs setuid root, it may be possible to gain additional privileges. However, some other systems have no files owned by user daemon on the default system, and the only files owned by group daemon are not writable by that group; hence, the danger is minimal. Buffer Overflows ---------------- Anyone with access to an account on the system can gain root access. III. Solution Install a patch from your vendor if one is available (Sec. A) or upgrade to the current version of sendmail (Sec. B). Until you can take one of those actions, we recommend applying the workaround described in Sec. C. This workaround addresses the resource starvation problem but not buffer overflows. In all cases, you should take the precautions listed in Sec. D. Note to beta testers of sendmail 8.8: The vulnerabilities described in this advisory have been fixed in the beta version of 8.8. A. Install a vendor patch. Below is a list of the vendors who have provided information about sendmail. Details are in Appendix A of this advisory; we will update the appendix as we receive more information. If your vendor's name is not on this list, please contact the vendor directly. Digital Equipment Corporation Hewlett-Packard Company IBM Corporation Linux Open Software Foundation The Santa Cruz Operation Silicon Graphics Inc. Sun Microsystems, Inc. B. Upgrade to the current version of sendmail. Install sendmail 8.7.6. This version is a "drop in" replacement for 8.7.x. There is no patch for 8.6.x. If you are using version 8.6 or earlier, you need to upgrade to the current version and rebuild your sendmail.cf files. Upgrading to version 8.7.6 addresses both vulnerabilities described in this advisory. Sendmail 8.7.6 is available from ftp://ftp.sendmail.org/ucb/src/sendmail/sendmail.8.7.6.tar.gz ftp://info.cert.org/pub/tools/sendmail/sendmail.8.7.6.tar.gz ftp://ftp.cert.dfn.de/pub/tools/net/sendmail/sendmail.8.7.6.tar.gz MD5 (sendmail.8.7.6.tar.gz) = 4a1f2179c53c9106bc8d7738f4d55667 Also in that directory are .Z and .sig files. The .Z file contains the same bits as the .gz file, but is compressed using UNIX compress instead of gzip. The .sig is Eric Allman's PGP signature for the uncompressed tar file. The key fingerprint is Type bits/keyID Date User ID pub 1024/BF7BA421 1995/02/23 Eric P. Allman Key fingerprint = C0 28 E6 7B 13 5B 29 02 6F 7E 43 3A 48 4F 45 29 Eric P. Allman Eric P. Allman Eric P. Allman Eric P. Allman We strongly recommend that when you change to a new version of sendmail you also change to the configuration files that are provided with that version. Significant work has been done to make this task easier. It is now possible to build a sendmail configuration file (sendmail.cf) using the configuration files provided with the sendmail release. Consult the cf/README file for a more complete explanation. Creating your configuration files using this method makes it easier to incorporate future changes to sendmail into your configuration files. Finally, for Sun users, a paper is available to help you convert your sendmail configuration files from the Sun version of sendmail to one that works with sendmail version 8.7.x. The paper is entitled "Converting Standard Sun Config Files to Sendmail Version 8" and was written by Rick McCarty of Texas Instruments Inc. It is included in the distribution and is located in contrib/converting.sun.configs. C. Apply a workaround. Resource Starvation ------------------- Eric Allman, the author of sendmail, has provided the following workaround to the resource starvation vulnerability. Using smrsh as "prog" mailer limits the programs that can be run as the default user. Smrsh does not limit the files that can be written, but less damage can be done by writing files directly. The damage can be almost entirely constrained by ensuring that the default user is an innocuous one. Sendmail defaults to 1:1 (daemon) only because that is reasonably portable. A special "mailnull" account that is used only for this purpose would be better. This user should own no files and should have neither a real home directory nor a real shell. A sample password entry might be: mailnull:*:32765:32765:Sendmail Default User:/no/such/dir:/dev/null A corresponding entry should be made in /etc/group: mailnull:*:32765: These assume that there are no other users or groups with id = 32765 on your system; if there are, pick some other unique value. After creating this user, change the line in /etc/sendmail.cf reading O DefaultUser=1:1 to read O DefaultUser=mailnull If you are running 8.6.*, you will have to change the lines reading Ou1 Og1 to read Ou32765 Og32765 Finally, if you are using the m4(1)-based sendmail configuration scheme provided with sendmail 8.7.*, you should add the following line to the m4 input file, usually named sendmail.mc: define(`confDEF_USER_ID', 32765:32765) The actual values should, of course, match those in the passwd file. Buffer Overflows ---------------- There is no workaround for the buffer overflow problem. To address this problem, you must apply your vendor's patches or upgrade to the current version of sendmail (version 8.7.6). D. Take additional precautions. Regardless of which solution you apply, you should take these extra precautions to protect your systems. * Use the sendmail restricted shell program (smrsh) With *all* versions of sendmail, use the sendmail restricted shell program (smrsh). You should do this whether you use vendor-supplied sendmail or install sendmail yourself. Using smrsh gives you improved administrative control over the programs sendmail executes on behalf of users. A number of sites have reported some confusion about the need to continue using the sendmail restricted shell program (smrsh) when they install a vendor patch or upgrade to a new version of sendmail. You should always use the smrsh program. smrsh is included in the sendmail distribution in the subdirectory smrsh. See the RELEASE_NOTES file for a description of how to integrate smrsh into your sendmail configuration file. smrsh is also distributed with some operating systems. * Use mail.local If you run /bin/mail based on BSD 4.3 UNIX, replace /bin/mail with mail.local, which is included in the sendmail distribution. It is also included with some other operating systems distributions, such as FreeBSD. Although the current version of mail.local is not a perfect solution, it is important to use it because it addresses vulnerabilities that are being exploited. For more details, see CERT advisory CA-95:02. Note that as of Solaris 2.5 and beyond, mail.local is included with the standard distribution. To use mail.local, replace all references to /bin/mail with /usr/lib/mail.local. If you are using the M4(1)-based configuration scheme provided with sendmail 8.X, add the following to your configuration file: define(`LOCAL_MAILER_PATH', /usr/lib/mail.local) * WARNING: Check for executable copies of old versions of mail programs If you leave executable copies of older versions of sendmail installed in /usr/lib (on some systems, it may be installed elsewhere), the vulnerabilities in those versions could be exploited if an intruder gains access to your system. This applies to sendmail.mx as well as other sendmail programs. Either delete these versions or change the protections on them to be non-executable. Similarly, if you replace /bin/mail with mail.local, remember to remove old copies of /bin/mail or make them non-executable. ------------------------------ Date: Thu, 21 Mar 1996 22:51:01 CST From: CuD Moderators Subject: File 7--Cu Digest Header Info (unchanged since 7 Apr, 1996) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send post with this in the "Subject:: line: SUBSCRIBE CU-DIGEST Send the message to: cu-digest-request@weber.ucsd.edu DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS. The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. To UNSUB, send a one-line message: UNSUB CU-DIGEST Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU (NOTE: The address you unsub must correspond to your From: line) Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (860)-585-9638. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown) In ITALY: ZERO! BBS: +39-11-6507540 In LUXEMBOURG: ComNet BBS: +352-466893 UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/CuD ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) The most recent issues of CuD can be obtained from the Cu Digest WWW site at: URL: http://www.soci.niu.edu/~cudigest/ COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #8.67 ************************************