Computer underground Digest Sun May 3, 1998 Volume 10 : Issue 28

Computer underground Digest Sun May 3, 1998 Volume 10 : Issue 28
ISSN 1004-042X

Editor: Jim Thomas ([email protected])
News Editor: Gordon Meyer ([email protected])
Archivist: Brendan Kehoe
Shadow Master: Stanton McCandlish
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Field Agent Extraordinaire: David Smith
Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #10.28 (Sun, May 3, 1998)

File 1--Critical information about the "Church" of Scientology
File 2--Re: How to tag PhotoCopiers (CuD 10.25)
File 3--REVIEW: "Overdrive: Bill Gates and the Race to Control Cyberspac
File 4--Library Internet Filters Held to High Free Speech Test
File 5--Islands in the Clickstream. Humanity Morphing. May 2, 1998
File 6--Re: Cu Digest, #10.25, Wed 22 Apr 98
File 7--RE: Cu Digest, #10.25, Wed 22 Apr 98
File 8--Re: technical solutions to spam problem
File 9--India's INSAT hacked
File 10--Cu Digest Header Info (unchanged since 25 Apr, 1998)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION ApPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date: Tue, 28 Apr 1998 16:37:52 -0600
From: [email protected]
Subject: File 1--Critical information about the "Church" of Scientology

Check out these sites for more critical information on Scientology:

Watch the Xemu Cartoon: http://www.xs4all.nl/~xemu/xemurams/

Visit Xemu's Home Page: http://www.xs4all.nl/~xemu/index2.html

Also the incomparable Operation Clambake: http://www.xenu.net/

The TRUE story of Hubbard: http://www.primenet.com/~lippard/bfm/

Hubbard's "No Christ": http://www.xs4all.nl/~xemu/rams/Nochrist.ram

The famous Xenu flyer: http://www.xs4all.nl/~xemu/flyers/Xemu.html

FACTnet http://www.factnet.org

LermaNet http://www.lermanet.com

American Family Foundation http://www.csj.org

------------------------------

Date: Mon, 27 Apr 1998 22:46:53 +0200 (MET DST)
From: Ulrich Mayring <[email protected]>
Subject: File 2--Re: How to tag PhotoCopiers (CuD 10.25)

In cu-digest 10.25 someone wondered how the tagging of, for
example, color copiers could be done unobstrusively. The way
Canon does it is that they print a serial number in a very light
yellow on the page. This is invisible to the human eye, but can
be read with special scanners.

------------------------------

Date: Tue, 21 Apr 1998 15:42:35 -0800
From: "Rob Slade" <[email protected]>
Subject: File 3--REVIEW: "Overdrive: Bill Gates and the Race to Control Cyberspac

BKOVRDRV.RVW 980220

"Overdrive: Bill Gates and the Race to Control Cyberspace", James
Wallace, 1997, 0-471-18041-6, U$24.95/C$34.95/UK#16.99
%A James Wallace
%C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%D 1997
%G 0-471-18041-6
%I Wiley
%O U$24.95/C$34.95/UK#16.99 416-236-4433 [email protected]
%P 307 p.
%T "Overdrive: Bill Gates and the Race to Control Cyberspace"

Although it occasionally refers to earlier episodes, the book
concentrates on Gates, and Microsoft, from 1992 (where "Hard Drive",
[cf. BKHRDDRV.RVW] left off) until 1996. Since this period of the
company's existence was marked by lawsuits and investigations by the
US Federal Trade Commission and Justice Department, it is very timely
as a backgrounder to the current legal woes at Microsoft.

The book covers a lot of ground, moving from topic to topic in a
logically connected style that makes the reading flow easily. The
stories are very personal, in that they trace friendships and enmity
across companies, products, people, and events. A number of the
stories are a kind of trivia filler, developed in a paragraph and
never heard from again. There are also some journalistic discoveries
about the world's richest man. It makes for an interesting read,
although sometimes the reader gets caught in an analysis of whether
this item is important or not. Most of the time the text is quite
authoritative, faltering mostly when the author is probably being most
careful, such as when there are conflicting accounts of the
involvement of a given individual in a given incident.

Wallace's work is well-researched and witty, but not always
technically informed. The Internet is half of the subject of the
book, and yet Wallace seems unaware of the explosive growth the
Internet enjoyed even before the availability of the World Wide Web.
Also, Tim Berners-Lee did not just invent HTML (HyperText Markup
Language): arguably his larger contribution was the HTTP (HyperText
Transfer Protocol) specification which governs the interaction between
Web browsers and clients, allowing HTML to function. Once again, this
lack of accuracy in detail will raise flags in the technical reader as
to the veracity of other parts of the account. Those who know
something of the history of personal computers, however, will find
sufficiently faithful retailing of other occurrences to restore trust.

copyright Robert M. Slade, 1998 BKOVRDRV.RVW 980220

------------------------------

Date: Thu, 23 Apr 1998 17:16:07 -0400
From: "EPIC-News List" <[email protected]>
Subject: File 4--Library Internet Filters Held to High Free Speech Test

Source: EPIC Volume 5.05 April 23, 1998
--------------------------------------------------------------

Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.

http://www.epic.org/

*** 1998 EPIC Cryptography and Privacy Conference ***
http://www.epic.org/events/crypto98/

=======================================================================
[3] Library Internet Filters Held to High Free Speech Test
=======================================================================

In the first court ruling on the use of Internet filtering software
in libraries, a federal judge on April 7 rejected a motion to dismiss
a lawsuit challenging the use of filters in public libraries in
Loudoun County, Virginia.

In a 36-page decision, U.S. District Judge Leonie M. Brinkema held
that "the Library Board may not adopt and enforce content-based
restrictions on access to protected Internet speech" unless it meets
the highest level of constitutional scrutiny. Noting that public
libraries are places of "freewheeling and independent inquiry," the
court quoted extensively from Reno v. ACLU, the landmark Supreme
Court decision on Internet free speech, and emphasized that the Court
"analogized the Internet to a 'vast library including millions of
readily available and indexed publications,' the content of which 'is
as diverse as human thought.'"

The Loudoun County decision comes as Congress is considering the
Internet School Filtering Act, a bill that would require all public
libraries and schools that receive federal funds for Internet access
to install filtering and blocking software. The bill (S. 1619) has
been approved by the Senate Commerce Committee and could reach the
Senate floor as early as mid-May. Efforts are underway to revise the
bill to provide for Internet education programs and acceptable use
policies as more effective (and constitutional) alternatives to
mandatory filtering.

Information on Internet filtering, including the text of the Loudoun
County decision, is available at the Internet Free Expression
Alliance website:

http://www.ifea.net
=======================================================================
Subscription Information
=======================================================================

The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center. To subscribe or unsubscribe, send email
to [email protected] with the subject: "subscribe" (no quotes) or
"unsubscribe". A Web-based form is available at:

http://www.epic.org/alert/subscribe.html

Back issues are available at:

http://www.epic.org/alert/

------------------------------

Date: Sat, 02 May 1998 12:58:43 -0500
From: Richard Thieme <[email protected]>
Subject: File 5--Islands in the Clickstream. Humanity Morphing. May 2, 1998

Islands in the Clickstream:
Humanity Morphing

A funny thing happened on the way to the grave: It disappeared.

But first, as they say, a word from our sponsor.

The primitive brain that has helped us survive does not easily
release its grip. As much as we like to think that we live in the
outer domain of our brains, we snap back into the reptile stem
whenever we think we're threatened. Then we react to things that
look or sound like other things as if they ARE those other things.
I guess looking silly when you run from a car backfiring is better
than dying the one time in a hundred the bang is really a gunshot.

After a threat, it takes most brains a few hours to get back up to
"flow" level and lose themselves again in the pleasures of
creativity and selflessness. Reality has a way of interfering with
our higher pursuits, and the brain thinks it knows which things to
put first.

Labeling or categorizing is one of those things. Labeling must
have great survival value, must save time and energy, must not
cost us much in the long run.

After years of confronting black-and-white thinking, now I feel
it's often a waste of time to suggest a more subtle
interpretation. I used to think education would change all that,
but sometimes I think education just makes our prejudices more
subtle. The experience of living in the digital world will
probably not percolate soon to that deeper reptilian brain that
has, after all, our best interests at heart, even when we disagree
with its conclusions.

Life in the digital world is interactive, fluid, modular. When I
first used the word "morph" in speeches, I asked who knew what it
meant. A few hands went up, then more and more. Now most folks
seem to know that images can change from one thing into another.
But they change through stages, and that's important. As a
metaphor of how individuals and organizations adapt to changing
conditions, it's critical to know that we move from phase to
phase, not all at once. Grandmother does not turn willy-nilly into
a wolf. Grandmother turns into a gray grandmother, than a gray
hairy grandmother, then a gray hairy grandmother with fearsome
teeth, then a wolf.

A young man from an evangelical Christian seminary asked to
interview me for a project. His task was to talk to "others" so
he knew how they thought. He had logged a Unitarian, a rabbi, and
a Jew-for-Jesus when he came to me. He was genuinely interested in
how I had morphed through careers and different religions. "What
should I call you?" he said. "What are you now?"

"I guess, as the Buddhists say, I am 'not this, not that.' I'm in
process. I like to think of myself as open to possibilities."

His pen halted on the pad and his consternation showed. Without a
label, what was he to do? And what are we to do with reality
itself, particularly when our interaction with the digital world
(we are embedded in our time, after all, our historical context is
the matrix of meanings with which we must wrestle) teaches us that
life is fluid, interactive, and modular, and that ultimately there
is only the light of our monitors momentarily illuminating pixels
that we gestalt into symbols that seem so real?

A friend recently criticized evolution, which for all its flaws as
a Theory of Everything still seems to have some useful insights. A
creationist, she spoke about species as if they were real things,
rather than categories we invented. Taxonomy is an addiction, like
the classification of knowledge itself. We need a map, but we
know the map is not the territory. We know the territory
intuitively by the immediacy with which it presses against us as
we walk, alive and responsive and aware.

Hard to maintain our moorings, when everything is going through
the looking-glass. Intellectual property, a category invented in
the past few hundred years, is as blurred as a headline in the
rain. The "protean" self celebrated by some and described ruefully
by others is morphing along: we can choose careers and grow into
others, we can choose partners and grow into others, we can choose
identities and grow into others, and even our illusory self can
watch with amusement or anxiety as it creates and discovers
various personae as vehicles for being in the world.

Hemingway disdained adjectives because they diluted the aesthetic
experience he intended to create. These days, we might be more in
tune with Jorge Luis Borges who wrote about a culture that used
verbs and adverbs to describe its perceptual world. Everything
moved, nothing stayed slotted, and the world was a blur of
temporary states.

It is not news that this is how it is, but it is news that we
can't withdraw easily as we did in the past into a consensus that
the fixed and rigid categories of our minds, from religion to
science to metaphysics, are "real." They're a way our primitive
brains need to know, a modality good for survival.
Oversimplification gets our feet (and our mouths) moving fast when
there's danger or perceived danger, but we use the word "flow" to
denote that most highly prized state in which we lose ourselves
and all illusory attachments to which that self is anchored. The
energies of love, creativity and generosity flow outward into a
world that accepts our contribution without comment, other than
the reflexive joy we feel at knowing that our contribution and
participation is a privilege and a gift.

In a network or web, we exercise power by contributing and
participating. Life, whatever it may be, looks in these digital
days more like a network or web than anything else. There, in that
web, we allow ourselves to be woven into something we don't have
to know or control. And even the grave, as I said when I started,
vanishes into thin air whenever we flow in that direction.

**********************************************************************

Islands in the Clickstream is a weekly column written by
Richard Thieme exploring social and cultural dimensions
of computer technology. Comments are welcome.

Feel free to pass along columns for personal use, retaining this
signature file. If interested in (1) publishing columns
online or in print, (2) giving a free subscription as a gift, or
(3) distributing Islands to employees or over a network,
email for details.

To subscribe to Islands in the Clickstream, send email to
[email protected] with the words "subscribe islands" in the
body of the message. To unsubscribe, email with "unsubscribe
islands" in the body of the message.

Richard Thieme is a professional speaker, consultant, and writer
focused on the impact of computer technology on individuals and
organizations.

Islands in the Clickstream (c) Richard Thieme, 1998. All rights reserved.

ThiemeWorks on the Web: http://www.thiemeworks.com

ThiemeWorks P. O. Box 17737 Milwaukee WI 53217-0737 414.351.2321

------------------------------

From: "Leandro Asnaghi-Nicastro" <[email protected]>
Date: Mon, 27 Apr 1998 23:03:11 +0000
Subject: File 6--Re: Cu Digest, #10.25, Wed 22 Apr 98

On This Day, in the Year of Our Lord 26 Apr 98 at 17:09, thus spoke
[email protected] :

Date--Mon, 20 Apr 1998 10:47:04 -0500
From--Neil Rickert <[email protected]>
Subject--Re--proposal of technical solutions to spam problem

> The alternative would be like having a "big brother" or "post
> office nanny" machine attached to your mailbox, which
> automatically shreds mail if it does not begin with "Dear
> person" and end with "Yours sincerely." We don't need such a
> machine. Automated rejection of email on the basis of header
> information is *evil*. What is needed is some sort of
> authentication information, including an estimation of the
> degree of trust to be placed in the purported origin of the
> message. This information should be transported in the
> envelope (separate from the message content and headers), so
> that it can be dynamically updated as the mail is tranferred
> between machines.

I'm not sure about this spam problem really being a problem. I don't
mean to sound as if I live in a different world, however spam for us
has ceased to be a problem. Take for example my zine. We publish
our e-mail address just about everywhere a spammer (or those
automated programs that collect addresses) would look: usenet and
webpages. Yet we receive no spam at all.

The system is simple, and apparentely it blocks 99% of all spam.
First of all the program checks if the domain name is valid. If the
e-mail is sent by [email protected], the DNS will look the name up and
obviously it will not resolve. The mail is rejected.

Also, many places have domains especially designed to send spam, and
these are simply banned.

Yes, there are disadvantages to this system: first of all, we cannot
get harrasing e-mails from someone who particularly hated us and used
a fake address. The domain will not solve, we will not get the
e-mail. Also, but I am not sure about this since we haven't received
any complains about not replying to an e-mail, if a DNS server is
down that can prove the validity of the site or no IP update has yet
been performed and a valid DNS server does not resolve, that mail
might get rejected as well.

Of course, one could use both an anonymous re-mailer with a domain
that resolves or use a real domain (like [email protected]). We
haven't gotten any of these (yet) but so far the outcome has been
quite successful.

Lastly, before I get chewed by some computer competent people,
please forgive me. I know very little about computers and how they
work in general, so I most likely said something that makes no sense
(technically speaking). My apologies if that's the case. It seems
however, that this system we have adopted works wonders.
In over a year and a half of service with the zine, we have never
received one single piece of spam, while our mailboxes are always
full of reader's comments..

Thank you for your time and for the great service you provide with
CuD.

------------------------------

Date: Tue, 28 Apr 1998 11:21:01 +1000 (GMT)
From: Norman Widders <[email protected]>
Subject: File 7--RE: Cu Digest, #10.25, Wed 22 Apr 98

On Sun, 26 Apr 98 17:09 CDT
Cu Digest ([email protected]) <[email protected]> wrote:

The IETF and current work have produced ESMTP which _is_ an extension of
SMTP. It already has authentication. Its called Authenticated-SMTP and
requires a valid username and password to be able to send email (if
enabled)

> If Vladimir wants to criticize, he should get to the heart of the
> matter, which is the SMTP protocol. This protocol requires no
> sender
> authentication (other than a simple syntax check), and could not
> easily be extended to prevent spam.

Authenticated-SMTP means no more spam, no more faking email, once vendors
begin implementing it and it sees widespread deployment. Netscape
Messaging and Microsoft Exchange already support it, and a few months ago
I informed the folks at sendmail.org about it also.

------------------------------

Date: Wed, 29 Apr 98 21:40:20 -0700
From: "Vladimir Z. Nuri" <[email protected]>
Subject: File 8--Re: technical solutions to spam problem

Editor:

In CuD #10.25, Neil Rickert responds to my post, "technical
solutions to the spam problem" in #10.24. He writes that I have
"misdiagnosed the problem" in referring to SendMail.

I had a feeling the SendMail section would be the most controversial
in the long essay. A reasonable disclaimer might have read, "none
of this should be taken as criticism of SendMail, only as observations
on its nature". Of course this would likely still not evade any
"hard feelings" by anyone who has ever worked on it. SendMail represents
perhaps many tens of thousands of man-hours of development time, and
reflects this enormous labor in both depth of functionality and complexity.

The nature of SendMail deserves virtually an entire essay. It comprises
a very large and crucial part of Internet infrastructure. Yet it has
been developed with the help of many volunteers. It seems paradoxical
that something so valuable would have this degree of informality.
Contrast it with say, a browser like Netscape, in which (at least for
a time) there was enormous economic incentive to make it state-of-the-art.
Or, consider internet routers. Such a powerful incentive and demand
does not appear to be associated with SendMail, as evidenced by a
rather gradual rate of new releases.

Wired ran some recent headlines online in which it was announced that Eric
Allman, chief maintainer of SendMail, had added some anti-spam features. So
Rickert seems perhaps unaware of the fact that Allman sees SendMail as
a legitimate place for anti-spam components in his denial that
"it has very little to do with spam". Perhaps its design does not
intentionally create spam, but spam is a clear consequence. Also, it is
the obvious loci for any serious spam solutions.

At the end of the essay I refer to qmail, being developed by D.Bernstein.
(www.qmail.org). qmail has obviously been developed to make up for some
of the weaknesses of Sendmail in performance and internal structure.
That SendMail has weaknesses, or perhaps even (gasp) deficiencies,
is not a novel observation on my part. It is certainly not an indictment
of the maintainers. Many other rants on the subject can be found in
the book, "The Unix Haters Handbook".

The point of the "technical proposal" is not to attribute blame to some
specific aspect of the Internet as responsible for spam. As the essay notes,
it is a very nonlocal problem that resists local attempts at
solving it. The essay proposes that it is not so much poor design that has
led to it, but more like a lack of imagination so far. SendMail is unarguably
one aspect of an environment that is highly conducive to spam. I was on an
anti-spam mailing list, and the finger pointing seems even more shrill
than in most places in the computer industry in which vendor A accuses
vendor B, and vice versa ad nauseaum.

Rickert states that the SMTP protocol "cannot easily be extended
to prevent spam" via sender authentication. In fact, it is a tautology
that no part of the internet can easily be extended. The standards are
all in place, the software is already written! Even with the modernity
of the Internet, there are already huge legacy systems in place.

The essay seeks to make proposals that break this gridlock and stalemate.
It is a matter of semantics and imagination where they are perceived
to be applied: SendMail, SMTP, etc. It can be thought of as a new SMTP
proposal, a new SendMail proposal, or neither. Politically, I'm not
interested in how it is implemented, and neither, presumably,
would the average user. That's what so maddening about the spam problem--
it's nobody's responsibility or jurisdiction in particular to fix it.

We have a chicken-and-egg problem with many new internet standards.
People will not write the software without the standards, but often
the standards cannot be described without software models. Spam solutions
seem to fall into this category particularly. Software to clean up spam
would be something akin to a janitor's job-- highly necessary, but few
would care to be involved. And this is not even to mention the often
minimal economic incentives to create the software.

I tend to agree with Rickert's description of the internet as starting
out with tighter, trusted core of machines that were more carefully
guarded. Rickert proposes a new "central core of trustworthy machines",
calling it "the best solution". Actually within the SRN (self regulated
network) proposal there is much reference to creating virtual networks
of trusted machines based on the SRN protocols. But it doesn't insist
on a "master core"-- it considers that any number of different cores might
evolve with varying degrees of self-regulation by members. Generally,
I would disagree with Rickert that a single central core is palatable
or even possible.

Mr. Rickert melodramatically sets up a hollow straw man in suggesting that a
sendmail that could reject email based on header information would inevitably
lead to a "big brother" or "post office nanny" type system. The essay clearly
suggested that this header information could contain authentication
controls, precisely in a manner similar to what Rickert himself
proposes. The essay also mentioned digital cash being contained
in a header. Whether the information is traded "out of band" within
the protocol or within the message is a somewhat insignificant design
consideration. The hard part is setting up the overall protocol, system,
and infrastructure.

"Automated rejection of email on the basis of header information
is *evil*" quoth Mr. Rickert. A rather dogmatic pronouncement.
The idea of the essay was that the header information could contain
authentication information. I agree with what Mr. Rickert seems to
be trying to say, that any arbitrary rejection of email based on
elements that are easily forged would obviously be disastrous.

What are the odds that SRN type systems will evolve in the future?
I am both optimistic and pessimistic. As the essay notes, to a large
degree they already exist in informal mechanisms and procedures now
being practiced in cyberspace as we know it. Whether they can be
elegantly embodied or that anyone cares to do so are huge hurdles.
I think that spam will over time increasingly threaten the current
viability and practicality of internet email without any new measures.

------------------------------

Date: Tue, 28 Apr 1998 11:06:30 -0700
From: Jeremy Lassen <[email protected]>
Subject: File 9--India's INSAT hacked

Space Age Publishing's India correspondent B. R. Rao reports that
"hackers" have succeeded in stealing transponder time on board
India's domestic communications satellite, INSAT. The Network
Ops. Control Center(NOCC)of India's Dept. of Telecommunications
is "...in the process of identifying the culprits".

The director of NOCC confirms that a reward has been offered to
anyone who can provide information that helps identify the
culprits. Reports indicate the NOCC is aware that "...anybody in
possession of the technical details of INSAT and its frequency
ranges can at regular intervals tap into its transponders and
transmit data free across the globe."

I know this is rather vague, but I hadn't read about this
anywhere else, and thought that the CUD's readers might find it
interesting. Anybody need some transponders time? :)

------------------------------

Date: Thu, 25 Apr 1998 22:51:01 CST
From: CuD Moderators <[email protected]>
Subject: File 10--Cu Digest Header Info (unchanged since 25 Apr, 1998)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send post with this in the "Subject:: line:

SUBSCRIBE CU-DIGEST
Send the message to: [email protected]

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-6436), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message: UNSUB CU-DIGEST
Send it to [email protected]
(NOTE: The address you unsub must correspond to your From: line)

CuD is readily accessible from the Net:
UNITED STATES: ftp.etext.org (206.252.8.100) in /pub/CuD/CuD
Web-accessible from: http://www.etext.org/CuD/CuD/
ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland)
ftp.warwick.ac.uk in pub/cud/ (United Kingdom)

The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
URL: http://www.soci.niu.edu/~cudigest/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.

------------------------------

End of Computer Underground Digest #10.28
************************************