Computer underground Digest Sun Apr 6, 1997 Volume 9 : Issue 27

Computer underground Digest Sun Apr 6, 1997 Volume 9 : Issue 27
ISSN 1004-042X

Editor: Jim Thomas ([email protected])
News Editor: Gordon Meyer ([email protected])
Archivist: Brendan Kehoe
Shadow Master: Stanton McCandlish
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Field Agent Extraordinaire: David Smith
Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #9.27 (Sun, Apr 6, 1997)

File 1-- OECD releases Crypto Guidlines
File 2--OECD Guidlines Released
File 3--The Zimmermann Telegram
File 4--Moynihan Commission hoisted on petard of Penpal hoax
File 5--Rep. Rick White to hold live online town hall meeting 4/10
File 6--UPDATE: Computer Security Script Database
File 7--Cu Digest Header Info (unchanged since 1 Apr, 1997)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date: Thu, 3 Apr 1997 18:06:07 GMT
From: "ACLU Cyber-Liberties Update Owner"@newmedium.com
Subject: File 1-- OECD releases Crypto Guidlines

* OECD releases Crypto Guidlines

The Organization for Economic Cooperation and Development (OECD) last
week announced its new Cryptography Policy Guidelines. Despite
pressure from the U.S. government to adopt a U.S.backed key escrow/key
recovery system, the leading industrial democracies took a stand that
instead strongly suppots privacy rights, and rejects key escrow.

International support for a market diven and voluntary system is a
huge step, and one the ACLU fully supports. The Global Internet
Liberty Coalition (GILC) and the ACLU held a conference in Paris in
September during the OECD gathering which contributed to a favorable
climate for the guidelines. Both the ACLU and GILC are appreciative of
the steps the Organization has taken towards protecting privacy and
urging removal of restrictions on cryptography.

The Guidelines set out eight basic Principles for cryptography policy:

1.Cryptographic methods should be trustworthy in order to generate
confidence in the use of information and communications systems.

2.Users should have a right to choose any cryptographic method,
subject to applicable law.

3.Cryptographic methods should be developed in response to the needs,
demands and responsibilities of individuals, businesses and
governments.

4.Technical standards, criteria and protocols for cryptographic
methods should be developed and promulgated at the national and
international level.

5.The fundamental rights of individuals to privacy, including secrecy
of communications and protection of personal data, should be respected
in national cryptography policies and in the implementation and use of
cryptographic methods.

6.National cryptography policies may allow lawful access to
plaintext, or cryptographic keys, of encrypted data. These policies
must respect the other principles contained in the guidelines to the
greatest extent possible.

7.Whether established by contract or legislation, the liability
ofindividuals and entities that offer cryptographic services or hold
or access cryptographic keys should be clearly stated.

8.Governments should co-operate to co-ordinate cryptography policies.
As part of this effort, governments should remove, or avoid creating
in the name of cryptography policy, unjustified obstacles to trade.

The full OECD policy can be found at:

http://www.oecd.org/dsti/iccp/crypto_e.html

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ACLU Cyber-Liberties Update Editor:
Lisa Kamm ([email protected])
American Civil Liberties Union National Office
132 West 43rd Street
New York, New York 10036

To subscribe to the ACLU Cyber-Liberties Update, send a message
to [email protected] with "subscribe Cyber-Liberties" in the
body of your message. To terminate your subscription, send a
message to [email protected] with "unsubscribe Cyber-Liberties"
in the body.

The Cyber-Liberties Update is archived at
http://www.aclu.org/issues/cyber/updates.html

For general information about the ACLU, write to [email protected].
PGP keys can be found at http://www.aclu.org/about/pgpkeys.html

------------------------------

Date: Thu, 27 Mar 1997 16:53:07 -0500
From: Dave Banisar <[email protected]>
Subject: File 2--OECD Guidlines Released

The OECD Cryptography Policy Guidelines were formally announced
today, following an intensive year-long negotiation.
EPIC will be posting a complete copy of the Guidelines at our
web site [http://www.epic.org/] along with a detailed analysis.

Journalists interested in a briefing should contact the Communications
Division of the OECD. For further information and inquiries, please
contact the Information, Computer and Communications Policy Division
(fax (33) 01 45 24 93 32).

General information about the OECD may be found at the OECD web site
[http://www.oecd.org]. Specific information about the work of the OECD
in the areas of security, privacy, intellectual property, and cryptography
is available at http://www.oecd.org/dsti/iccp/legal/top-page.html. The
OECD Privacy Principles are online at
http://www.oecd.org/dsti/iccp/legal/priv-en.html

Among the key outcomes:

-- Recognition of commercial importance of cryptography. The Guidelines
recognize that cryptography is an effective tool for the secure use
of information technology by ensuring confidentiality, integrity and
availability of data and providing authentication and non-repudiation
mechanisms.

-- Rejection of key escrow encryption. The US sought endorsement
for government access to private keys. Initial drafts of the
guidelines included this recommendation. The final draft does
not. OECD countries rejected this approach.

-- Endorsement of voluntary, market-driven development of crypto
products. The OECD emphasized open, competitive markets to
promote trade and commerce in new cryptographic methods.

-- Endorsement of strong privacy safeguards. The OECD adopted one of
strongest privacy principles found in any international agreement,
including the obligation to apply the OECD privacy principles to
crypto products and services. The OECD also noted favorably the
development of anonymous payment schemes which would minimize the
collection of personal data.

-- Removal of Restriction on Cryptography. The OECD urged member
countries to remove, and avoid creating, obstacles to trade
based on cryptography policy. This guideline should lead to
further liberalization of export control policies among the
OECD member countries.

EPIC will also provide briefings for organizations interested
in the intent and application of the OECD Cryptography Guidelines.

Marc Rotenberg
Director, EPIC
Member, OECD ad hoc Expert Panel on Cryptography Policy

----------------

[http://www.oecd.org/news_and_events/release/nw97-24a.htm]\
OECD News Release

Paris, 27 March 1997

OECD ADOPTS GUIDELINES FOR CRYPTOGRAPHY POLICY

The OECD has adopted Guidelines for Cryptography Policy, setting out
principles to guide countries in formulating their own policies and legislation
relating to the use of cryptography.

The Recommendation which came before the governing body of the OECD, the
Council, on Thursday 27 March, is a non-binding agreement that identifies the
basic issues that countries should consider in drawing up cryptography policies
at the national and international level. The Recommendation culminates one
year of intensive talks to draft the Guidelines.

The need for Guidelines emerged from the explosive worldwide growth of
information and communications networks and technologies and the
requirement for effective protection of the data which is transmitted and
stored
on those systems. Cryptography is a fundamental tool in a comprehensive data
security system. Cryptography can also ensure confidentiality and integrity of
data and provide mechanisms for authentication and non-repudiation for use in
electronic commerce.

Governments want to encourage the use of cryptography for its data protection
benefits and commercial applications, but they are challenged to draft
cryptography policies which balance the various interest at stake, including
privacy, law enforcement, national security, technology development and
commerce. International consultation and co-operation must drive cryptography
policy because of the inherently international nature of information and
communications networks and the difficulties of defining and enforcing
jurisdictional boundaries in the new global environment.

The Guidelines are intended to promote the use of cryptography, to develop
electronic commerce through a variety of commercial applications, to bolster
user confidence in networks, and to provide for data security and privacy
protection.

Some OECD Member countries have already implemented policies and laws on
cryptography, and many countries are still developing them. Failure to
co-ordinate these national policies at the international level could introduce
obstacles to the evolution of national and global information and
communications networks and could impede international trade. OECD
governments have recognised the importance of international co-operation, and
the OECD has contributed by developing consensus on specific policy and
regulatory issues related to cryptography and, more broadly, to information
and communications networks and technologies.

The Guidelines set out eight basic Principles for cryptography policy:

1.Cryptographic methods should be trustworthy in order to generate
confidence in the use of information and communications systems.

2.Users should have a right to choose any cryptographic method, subject
to applicable law.

3.Cryptographic methods should be developed in response to the needs,
demands and responsibilities of individuals, businesses and
governments.

4.Technical standards, criteria and protocols for cryptographic methods
should be developed and promulgated at the national and international
level.

5.The fundamental rights of individuals to privacy, including secrecy of
communications and protection of personal data, should be respected
in national cryptography policies and in the implementation and use of
cryptographic methods.

6.National cryptography policies may allow lawful access to plaintext, or
cryptographic keys, of encrypted data. These policies must respect the
other principles contained in the guidelines to the greatest extent
possible.

7.Whether established by contract or legislation, the liability of
individuals and entities that offer cryptographic services or hold or
access cryptographic keys should be clearly stated.

8.Governments should co-operate to co-ordinate cryptography policies.
As part of this effort, governments should remove, or avoid creating in
the name of cryptography policy, unjustified obstacles to trade.

The Guidelines advise that the eight elements should be taken as a whole in an
effort to balance the various interests at stake. These Principles are
designed to
assist decision-makers in the public and private sectors in developing and
implementing coherent national and international policies for the effective use
of cryptography. Member countries should establish new, or amend existing,
policies to reflect them. Any national controls on use of cryptography should
be stated clearly and be publicly available.

Drafting of the Guidelines for Cryptography Policy began in early 1996, when
the OECD formed an Ad hoc Group of Experts under the chairmanship of Mr.
Norman Reaburn of the Attorney-General's Department of Australia. More
than 100 representatives from OECD Member countries participated, including
government officials from commerce, industry, telecommunications and
foreign ministries, law enforcement and security agencies, privacy and data
protection commissions, as well as representatives of private sector. The
Business and Industry Advisory Committee to the OECD was involved and
experts on privacy, data protection and consumer protection also participated.

The policy recommendations in the Guidelines are primarily aimed at
governments, but it is anticipated that they will be widely read and
followed by
both the public and private sectors. Governments will now engage in further
consultation to co-ordinate and co-operate on the implementation of the
Guidelines. In the future, the Guidelines could form a basis for agreements on
specific issues related to international cryptography policy. The
Guidelines will
soon be published as an OECD document for broad distribution to promote
awareness and public discussion of the issues and policies related to
cryptography.

------------------------------

Date: Thu, 3 Apr 1997 00:21:30 -0500 (EST)
From: [email protected](TELECOM Digest Editor)
Subject: File 3--The Zimmermann Telegram

((MODERATORS' NOTE: For those not familiar with Pat Townson's
TELECOM DIGEST, it's a an exceptional resource. From the header
of TcD:
"TELECOM Digest is an electronic journal devoted mostly but
not exclusively to telecommunications topics. It is
circulated anywhere there is email, in addition to various
telecom forums on a variety of public service systems and
networks including Compuserve and America On Line. It is also
gatewayed to Usenet where it appears as the moderated
newsgroup 'comp.dcom.telecom'. Subscriptions are available to
qualified organizations and individual readers. Write and tell
us how you qualify:
* [email protected] * ======" ))

SOURCE: TELECOM Digest Thu, 3 Apr 97 00:21:00 EST Volume 17 : Issue 81

Begin forwarded message:

Date--Mon, 31 Mar 1997 13:04:45 -0800 (PST)
From--Phil Agre <[email protected]>
Subject--The Zimmermann Telegram

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command. For information on RRE, including instructions
for (un)subscribing, send an empty message to [email protected]
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

From-- Dave Del Torto [[email protected]]
Sent-- Monday, March 31, 1997 12--00 PM
To-- [email protected]
Subject-- The Zimmermann Telegram

Ladies, Gentlemen & Cryptographers,

I'm pleased to announce the imminent release of the premier issue of
the new "Zimmermann Telegram" newsletter. The Zimmermann Telegram will
be a regularly-published, paper-based, English-language technical
update newsletter from PGP's engineering staff, and will cover a
variety of cryptographic and other lighthearted topics which we may
otherwise be restricted from discussing via electronic media. The
newsletter will be sent, in compliance with US law, by regular postal
mail to anyone interested in technical information about PGP --
anywhere in the world.

If you are now developing PGP-related freeware, shareware, commercial or
academic cryptographic software, or you plan in future to become a
registered PGP Developer or PGP World Partner (those programs are currently
under construction and will be formally announced later) or if you are just
interested in technical information about cryptography, we think you'll
enjoy reading our newsletter.

In the premier issue, along with important updates regarding changes
to the PGP packet format, CRC security problems and new extensions to
the PGP key format which are not available through any other medium,
you'll learn about the significance of the "Zimmermann Telegram"
name. Meanwhile, visit this page:
<http://www.nara.gov/nara/digital/teaching/zimmermann/zimmerma.html>.

Scheduled to be mailed imminently, the premier issue will be sent free
to anyone who provides us with a postal mail address. After that,
regular subscriptions will require a modest fee (to be announced) to
cover our mailing costs, but we've committed to offering a limited
number of free one-year subscriptions to interested members of the
cryptography community. To request your free subscription, please
send email to me at:

<mailto:[email protected]?subject=first_issue_free_subscription_req>

In the body of your request, please include the form below (items
between the cut-lines ONLY, and preferably PGP-signed), and replace
the lines with your complete postal mail address info as
indicated. We'll put an HTML subscription form on our website, but for
the premier issue, we're managing the subscription process via
email. Thank you for your patience as we deploy rapidly. :)

............................. form begins here .............................
The Zimmermann Telegram
PGP's Technical Newsletter

- Premier Issue & One-Year Free Subscription Request -

Subscription Information (Premier Issue):

name (optional, but appreciated)
title (optional)
organization/dept (optional, as appropriate)
street address
mailstop (optional)
city/state/province
zip-/postal-code
country

Free Subscription Category: (please [x] only one)

[ ] academic
[ ] public library
[ ] media maven
[ ] human-rights/privacy activist
[ ] corporate security
[ ] impoverished cypherpunk
[ ] software analyst
[ ] law enforcement
[ ] freedom-fighter
[ ] intelligence agency
[ ] freeware developer

.............................. form ends here ..............................

Privacy Lock: If you are concerned about the privacy of your personal
information when sent over unsecured public networks, please feel free
to encrypt your subscription request to my key, which can be found at:
<http://swissnet.ai.mit.edu:11371/pks/lookup?op=index&search=0x4AAF00E5>.
Pretty Good Privacy Inc will take all reasonable precautions to
protect this information and will not use it for any other purpose
without first asking your permission. Also, PGP will not sell or give
the information to another entity and will store the list securely
between mailings.

Please feel free to circulate/forward this message (with
PGP-signature) among your friends and colleagues (remember: the free
subscription offer expires on 30 April 1997). We look forward to your
comments on The Zimmermann Telegram and thank you for your continued
support of PGP.

dave

Dave Del Torto +1.415.524.6231 tel
Senior Technical Evangelist +1.415.572.1932 fax
Pretty Good Privacy, Inc. http://www.pgp.com web
X-PGP header key

........................ "The Zimmermann Telegram" ........................
Copyright (c) 1997 Pretty Good Privacy, Inc. All Rights Reserved. PGP and
Pretty Good Privacy are registered trademarks of Pretty Good Privacy, Inc.
Permission is granted to the reader to reproduce and distribute exact
copies of this document, in physical or electronic form, on a
non-commercial basis (i.e., at no direct or indirect charge). This document
has been made available in hard copy on a subscription basis and is
available in public libraries in the United States. Accordingly, and solely
for purposes of U.S. Export Control laws and regulations (but not copyright
or other intellectual property laws), this document is considered in the
"public domain." The information in this document is of an exploratory or
experimental nature. As such, it is subject to change without notice and is
provided "AS IS." No guarantee is made that it is free of errors or that it
will meet your requirements. While we welcome your feedback on this
document, we are unable to provide any technical support for its contents.
............................................................................

-----BEGIN PGP SIGNATURE-----
Version: PGPmail 5.0 beta
Charset: noconv

iQCVAwUBM0ANsaHBOF9KrwDlAQG0bAQA17mtcxR860pFRPPdcw4LYL1pEecEoTXW
tzBCq0M84aKgv9qamZQeOkyHaxXkHGgyChaHwlsea3Q46avFvJrJfHysz/YGrvy1
qIIDrEQCqVU6emLuOvziiNLefNcj0qv2YLAfLuSy78sCTfOtfmX6IrXf7D3PDwhP
oICHxH1iR4E=
=gI03
-----END PGP SIGNATURE-----

------------------------------

Date: Thu, 3 Apr 1997 23:09:10 -0600 (CST)
From: Crypt Newsletter <[email protected]>
Subject: File 4--Moynihan Commission hoisted on petard of Penpal hoax

From the pages of Crypt Newsletter:

April 3, 1997

Pasadena, CA -- In an astonishing gaffe, government intelligence
experts writing for the Moynihan Commission's recent "Report . . . on
Protecting and Reducing Government Secrecy" reveal they've been
hooked on one of the Internet's ubiquitous e-mail computer virus hoaxes
known as "Penpal Greetings"!

In a boldly displayed boxed-out quote in a part of the report
entitled "Information Age Insecurity" authors of the report
proclaim:

"Friendly Greetings?

"One company whose officials met with the Commission warned its
employees against reading an e-mail entitled Penpal Greetings.
Although the message appeared to be a friendly letter, it
contained a virus that could infect the hard drive and destroy all
data present. The virus was self-replicating, which meant that
once the message was read, it would automatically forward itself
to any e-mail address stored in the recipients in-box."

The Penpal joke is one in half-a-dozen or so permutations spun
off the well-known GoodTimes e-mail virus hoax. Variations on
GoodTimes have appeared at a steady rate over the past couple
years. Real computer security experts -- as opposed to the
Moynihan commission's -- now occasionally worry in the press that
they spend more time clearing up confusion created by such
tricks than destroying actual computer viruses.

The report's authors come from what is known as "the Moynihan
commission," a group of heavy Congressional and intelligence
agency hitters tasked with critiquing and assessing the Byzantine
maze of classification and secrecy regulation currently embraced by
the U.S. government.

Among the commission's members are its chairman, Daniel Moynihan;
vice-chairman Larry Combest, Jesse Helms, ex-CIA director John
Deutch and Martin Faga, a former head of the super-secret, spy
satellite-flying National Reconnaissance Office.

The part of the report dealing with "Information Age Insecurity"
merits much more comment. But in light of the report's contamination by
the Penpal virus hoax, two paragraphs from the March 4 treatise become
unintentionally hilarious:

"Traditionally, computer security focuses on containing the effects of
malicious users or malicious programs. As programs become more complex,
an additional threat arises: _malicious data_ [Crypt Newsletter emphasis
added] . . . In general, the outlook is depressing: as the economic
incentives increase, these vulnerabilities are likely to be
exploited more frequently.

---W. Olin Sibert, 19th National Information Systems Security
Conference (October 1996)"

And,

"Inspector General offices, with few exceptions, lack the personnel,
skills, and resources to address and oversee information systems
security within their respective agencies. The President cannot turn to
an Information General and ask how U.S. investments in information
technology are being protected from the latest viruses, terrorists, or
hackers."

Got that right, sirs.

--------------------

Notes: Other authors of the commission report include Maurice
Sonnenberg; John Podesta, a White House Deputy Chief of Staff and
also, apparently, a visiting professor at Georgetown
University's Cyberlaw Center; Ellen Hume, a former reporter for the
Wall Street Journal; and Alison Fortier, a former National Security
Council staffer and current Rockwell International employee.

---------------------

George Smith, Editor
Crypt Newsletter
http://www.soci.niu.edu/~crypt
"In cyberspace, all news is local."

------------------------------

Date: Thu, 3 Apr 1997 23:31:55 -0500 (EST)
From: Shabbir Safdar <[email protected]>
Subject: File 5--Rep. Rick White to hold live online town hall meeting 4/10

Source - [email protected]

Government Without Walls
Update No.3 http:/www.democracy.net/ April 3 1997
JOIN INTERNET CAUCUS-CO FOUNDER REP. RICK WHITE (R-WA) LIVE ONLINE!

Representative Rick White (R-WA), co-founder of the Congressional Internet
Caucus and leader on Internet policy issues, will be the guest at
democracy.net's first live, interactive 'town hall meeting' on Thursday
April 10 at 8:30 pm ET (5:30 pm PST).

The town hall meeting, moderated by Wired Magazine's Todd Lappin, will be
completely virtual. The discussion will be cybercast live via RealAudio,
and listeners can join a simultaneous interactive chat discussion and pose
questions to Rep. White.

This is a unique opportunity for Internet users to discuss current Internet
issues, including efforts to reform US Encryption policy, the future of the
Communications Decency Act, the activities of the Congressional Internet
Caucus, and others.

Details on the event, including instructions on how you can submit questions
in advance, are attached below.

___________________________________________________________
INSTRUCTIONS ON HOW TO PARTICIPATE

* Interactive Town Hall Meeting with Rep. Rick White (R-WA) *

DATE: Thursday, April 10, 1997
TIME: 5:30 pm PST / 8:30 pm EST
LOCATION: http://www.democracy.net

In advance of the town hall meeting, please visit http://www.democracy.net
and fill out the form to ask Rep. White a question. We will collect the
questions and forward them to the moderator on the day of the event, and
will make every effort to ensure that questions from constituents are asked
first.

1. Attend and ask Rep. White a question!

Please mark this date in your calendar: Thursday April 10, 5:30PM PST
at http://democracy.net/

2. Get your friends and co-workers to join the discussion

Members of Congress love to hear from their constituents. If you have
friends that live in the district, please forward this invitation and
encourage them to attend.

__________________________________________________________
BACKGROUND

Congressman Rick White, 43, is serving his second term representing the
people of the First Congressional District of Washington state, which
includes parts of Seattle, Redmond, and surrounding areas.

In 1995, White gained national attention through his work on the
Internet and high-technology issues. He was one of a handful of members
selected to develop the final Telecommunications Act of 1996. As the
founder of the Congressional Internet Caucus, he has worked to educate
members of Congress about the Internet and to create a more open,
participatory government through the use of technology.

Additional Information can be found at the following locations:

* Rep. Rick White's Home Page -- http://www.house.gov/white/
* democracy.net Page -- http://www.democracy.net/

______________________________________________________________
UPCOMING EVENTS

Representative Anna Eshoo (D-CA), Internet policy leader from Silicon
Valley, will be the guest at democracy.net's interactive 'town hall meeting'
on Wednesday April 16 at 8:30 pm ET (5:30 pm PST).

Visit http://www.democracy.net for more details.

_________________________________________________________________
ABOUT DEMOCRACY.NET

The democracy.net is a joint project of the Center for Democracy and
Technology (CDT) and the Voters Telecommunications Watch (VTW) to explore
ways of enhancing citizen participation in the democratic process via
the Internet.

To this end, democracy.net will host live, interactive cybercasts of
Congressional Hearings and online town hall meetings with key policy makers.

democracy.net is made possible through the generous support of WebActive,
Public Access Networks, the Democracy Network, and DIGEX Internet. More
information about the project and its sponsors can be found at
http://www.democracy.net/about/

To receive democracy.net announcements automatically, please visit our
signup form at http://www.democracy.net/

------------------------------

Date: Mon, 24 Mar 1997 15:40:06 -0600 (CST)
From: "Scott A. Davis" <[email protected]>
Subject: File 6--UPDATE: Computer Security Script Database

The following is an update to a message posted to CU Digest in recent weeks.

The Banzai Institute - Computer Security Scripts and Software Database
has been a tremendous success. We currently have over 200 scripts and
programs that can be used to test the security on several types of
systems in many different ways. As a result of the recent success, we
have decided to lower the price of a subscription to this database.

OLD SUBSCRIPTION $40.00 per month

NEW SUBSCRIPTION $25.00 per quarter
$50.00 per six months, etc...

We at the Banzai Institute believe that site security is a very important
concern. It is for this reason that we have decided to offer this service.
The idea being that the only way to truly know how secure your site is, is
to hack that site like any other hacker would. We believe that this
database will be very useful in securing your site. It makes no sense to
pay thousands of dollars for a limited program to check for a limited
number of security holes. We provide the user with a continually growing
list of bug exploits that include and go beyond those provided by most
security auditing software. We do NOT condone the use of this information
for illegal or illegitimate use. The database currently contains Sendmail
Bugs And Holes, ICMP Bombs, Sniffer Programs, Keytrap Software, Process
Manipulators, Password Crackers, Spoofers, Login and Process Monitors,
Many root Access Utilities, rdist Tools, passwd file tools, tty Utilities,
rexd, yp, etc... Exploits, Packet Re-Routers plus Much, Much More!

If you are interested, please visit http://www.banzai-institute.org

If you have any questions, please e-mail [email protected]

------------------------------

Date: Thu, 15 Dec 1996 22:51:01 CST
From: CuD Moderators <[email protected]>
Subject: File 7--Cu Digest Header Info (unchanged since 1 Apr, 1997)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send post with this in the "Subject:: line:

SUBSCRIBE CU-DIGEST
Send the message to: [email protected]

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message: UNSUB CU-DIGEST
Send it to [email protected]
(NOTE: The address you unsub must correspond to your From: line)

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on internet);
and on Rune Stone BBS (IIRGWHQ) (860)-585-9638.
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.

In ITALY: ZERO! BBS: +39-11-6507540
In LUXEMBOURG: ComNet BBS: +352-466893

UNITED STATES: ftp.etext.org (206.252.8.100) in /pub/CuD/CuD
Web-accessible from: http://www.etext.org/CuD/CuD/
ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland)
ftp.warwick.ac.uk in pub/cud/ (United Kingdom)

The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
URL: http://www.soci.niu.edu/~cudigest/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.

------------------------------

End of Computer Underground Digest #9.27
************************************