Chaos Digest Lundi 8 Fevrier 1993 Volume 1 : Numero 7

Chaos Digest Lundi 8 Fevrier 1993 Volume 1 : Numero 7

Editeur: Jean-Bernard Condat ([email protected])
Archiviste: Yves-Marie Crabbe
Co-Redacteurs: Arnaud Bigare, Stephane Briere

TABLE DES MATIERES, #1.07 (8 Fev 1993)
File 1--De l'origine du premier e-journal francais, ChaosD
File 2--Comment ecrire a Clinton a la Maison Blanche?
File 3--ICVC'93: Premiere conference bulgare sur les CPA's
File 4--Proposition de nouvel "C2 Orange Book" aux USA
File 5--Phreacking: Est-ce realisable?
File 6--Attention au CCCF (Reprint)
File 7--Re: NTPASS, module chargeable sous NetWare
File 8--Reaction sur "The Little Black Book of Computer Virus"

Chaos Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from [email protected]. The editors may be
contacted by voice (+33 1 40101775), fax (+33 1 40101764) or S-mail at:
Jean-Bernard Condat, Chaos Computer Club France [CCCF], 47 rue des Rosiers,
93400 St-Ouen, France

Issues of Chaos-D can also be found on some French BBS. Back issues also
may be obtained from the mail server at [email protected]: all incoming
messages containing "Request: ChaosD #x.yy" in the "Suject:" field are
answered (x is the volume and yy the issue).

CHAOS DIGEST is an open forum dedicated to sharing French information among
computerists and to the presentation and debate of diverse views. ChaosD
material may be reprinted for non-profit as long as the source is cited.
Some authors do copyright their material, and they should be contacted for
reprint permission. Readers are encouraged to submit reasoned articles in
French, English or German languages relating to computer culture and
telecommunications. Articles are preferred to short responses. Please
avoid quoting previous posts unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Chaos Digest contributors
assume all responsibility for ensuring that articles
submitted do not violate copyright protections.

----------------------------------------------------------------------

Date: Tue Feb 2 08:01:27 EST 1993
From: [email protected] (MICHAEL STRANGELOVE )
Subject: File 1--De l'origine du premier e-journal francais, ChaosD

I find it amazing that the first e-serial in France should only just
appear in 1993, considering the size and age of Minitel. Does anyone
have any comments on why this should be so?

Michael Strangelove
Department of Religious Studies
University of Ottawa

BITNET: 441495@Uottawa
Internet: [email protected]
S-Mail: 177 Waller, Ottawa, Ontario, K1N 6N5 CANADA
Voice: (613) 747-0642
FAX: (613) 564-6641

+++++

Date: Tue Feb 2 13:34:36 EST 1993
From: JQRQC%[email protected] (Joe Raben )

It just seems to me, Michael, that French >academics< are less turned on to
netting than other nationalities, and they may not see Minitel as a meaningful
>scholarly< medium. While SCHOLAR had at latest count 67 subscribers in
Britain, 83 in Canada, 49 in the Netherlands, 31 in Australia, and 18 in
Japan, only 6 have signed up so far in France, and my associates there ask me
to send them faxes!

+++++

Date: Thu Feb 4 08:54:04 EST 1993
From: [email protected] (Guedon Jean-Claude )

There is a second answer to Joe Raben's: to publish on Minitel, one
had to have a periodical number, which explains why so many initial Minitel
services were connected with well known publications such as Le Monde, etc...
This was in response to the newspapeprs's fear of being faced with unfair
competition from the new electronic medium and, in fact, some went so far
as to claim that this was a plot to destroy freedom of the press by
destroying the newspapers themselves. In order to reassure them, the
government forced initial publishers on Minitel (I am using the word
"publisher" in an extrapolated meaning, of course) to be connected with
an existing publication.

I don't know if this policy is still in force.

------------------------------

Date: Wed, 20 Jan 93 05:32 GMT
From: [email protected] (David Daniels )
Subject: File 2--Comment ecrire a Clinton a la Maison Blanche?

It is only fitting that this happened on the eve of tomorrow's presidential
inauguration: I sent a message today to the Clinton Transition Team and got
the following response. Does this mean that they are not keeping up with
their e-mail? So much for electronic democracy!!! :-)

TO: * David Daniels / MCI ID: 438-1897
Subject: Non delivery notification

Message [...] sent Tue, Jan 19, 1993 07:16 PM EST, could not be delivery to:
To: Clinton Transition Team
EMS: CompuServe
MBX: [75300,3115]

for the following reasons:

Mail Delivery Failure. No room in mailbox.

----- Returned message -----

+++++

Date: Thu, 28 Jan 1993 18:12:46 GMT
From: [email protected] (James Barrett )

> Mail Delivery Failure. No room in mailbox.

This is because Jock Gill who handles Email for Clinton was at the
inauguration and not near his computer for a week. The link is back up and
generating *lots* of mail (press releases) from Clinton.

+++++

Date: Fri, 29 Jan 1993 20:32:42 GMT
From: [email protected] (Bruce Schneier )

The White House is on-line. Send mail to them at:

[email protected]

Bruce

****************************************************************************
* Bruce Schneier *
* Counterpane Systems For a good prime, call 391581 * 2_216193 - 1 *
* [email protected] *
****************************************************************************

+++++

Si les americains ne cessent de discuter de l'etat de sante des boites-aux-
lettres electroniques de Bill Clinton (ici dans RISKS #14-29/30 et dans
"Computer Privacy Digest" #2.013, Thierry Platon, dans un papier "Download
et e-Mail: la tour de Babel" de son dossier _Les BBS_ ("InfoPC", decembre
1992, no. 87, page 208) ecrit beaucoup mieux:

Aux Etats-Unis toutefois, on n'utilise pas de code de pays, mais
plutot des codes correspondant au type de message: .com s'il provient
d'une entreprise commerciale, .edu pour une universite ou une ecole,
.org pour une organisation non commerciale, .mil pour l'armee, . gov
pour le gouvernement ([email protected] est une adresse va-
lable!), etc.

Nous n'avons pas manque de transmettre nos felicitations a Bill Clinton par
un message chaleureux a l'adresse indique. Il nous est revenu avec un
commentaire:

Your mail to whitehouse.gov is undeliverable.
whitehouse.gov: unknown host

Mais l'auteur, soucieux de ne pas laisser le lecteur dans une douce ignorance
recidive de plus belle:

[...] Certains types de BBS commerciaux americains peuvent relier ce
type de e-Mail. C'est le cas de CompuServe, par exemple, ou un utili-
sateur reference 72241,407 aura pour code 72241,[email protected].

Thierry Platon n'a jamais utilise de messageries reliees a InterNet. Dans le
cas cite, l'adressage exact pour la plupart des routeurs est particulier. Sur
ATT-Mail, la syntaxe aurait ete:

mhs!csmail!72241.4079

Il saurait aussi que les virgules sont interdites en adressage... et qu'
Atlas400 de Transpac n'est pas connecte a InterNet.

Qui me dira pourquoi?

------------------------------

Date: Tue, 02 Feb 93 17:48:55 +0000
From: [email protected] (Organizing Comitee )
Subject: File 3--ICVC'93: Premiere conference bulgare sur les CPA's

C A L L F O R P A P E R S

ACMBUL's FIRST INTERNATIONAL COMPUTER VIRUS PROBLEMS AND
ALTERNATIVES CONFERENCE

5-8 April, 1993 - Varna, Bulgaria

The purpose of the 1993 International Computer Virus
Conference is to provide a forum for anti-virus product
developers, researchers and academicians to exchange
information among themselves, students and the public.
ICVC'93 will consist of open forums, distinguished keynote
speakers, and the presentation of high-quality accepted
papers. A high degree of interaction and discussion among
Conference participants is expected, as a workshop-like
setting is promoted.

Because ICVC'93 is a not-for-profit activity funded
primarily by registration fees, all participants are
expected to have their organizations bear the costs of their
expenses and registration. Accomodations will be available
at reduced rates for confernece participants.

WHO SHOULD ATTEND

The conference is intended for computer security
researchers, managers, advisors, EDP auditors, network
administrators, and help desk personnel from government and
industry, as well as other information technology
professionals interested in computer security.

CONFERENCE THEME

This Conference, devoted to advances in virus prevention,
will encompass developments in both theory and practice.
Papers are invited in the areas shown and may be
theoretical, conceptual, tutorial or descriptive in nature.
Submitted papers will be refereed, and those presented at
the Conference will be included in the proceedings.

Possible topics of submissions include, but are not
restricted to:

o Virus Detection o Virus Trends and Forecast
o Virus Removal o Virus Prevention Policies
o Recovering from Viruses o Incident Reporting
o Viruses on various platforms o Emergency Response
(Windows, Unix, LANs, WANs, etc.) o Viruses and the Law
o Virus Geneology o Education & Training

THE REFEREEING PROCESS

All papers and panel proposals received by the submission
deadline and which meet submission requirements will be
considered for presentation at the Conference.

All papers presented at ICVC'93 will be included in the
Conference proceedings, copies of which will be provided to
Conference attendees. All papers presented, will also be
included in proceedings to be published by the ACMBUL.

INSTRUCTIONS TO AUTHORS

[1] Two (2) copies of the full paper, consisting of
up-to 20 double-spaced, typewritten pages, including
diagrams, must be received no later than 28 February 1993.

[2] The language of the Conference is English.

[3] The first page of the manuscript should include
the title of the paper, full name of all authors, their
complete addresses including affiliation(s), telephone
number(s) and e-mail address(es), as well as an abstract of
the paper.

IMPORTANT DATES

o Full papers to be received in camera-ready form by the
Organizing Committee by 28 February 1993.

o Notification of accepted papers will be mailed to the
author on or before 10 March 1993.

o Conference: 5-11 April 1993, St. Konstantine Resort,
Varna, Bulgaria

WHOM TO CONTACT

Questions or matters relating to the Conference Program
should be directed to the ACMBUL:

ICVC'93
Attn: Mr. Nickolay Lyutov
ACMBUL Office
Varna University of Economics
77 Boris I Blvd, 9002 P.O.Box 3
Varna
Bulgaria

Phone/Fax: (+35952) 236-213
E-mail: [email protected]

[email protected] (Organizing Comitee)
ACMBUL -- Bulgarian Chapter of ACM

[email protected] (Organizing Comitee)
ACMBUL -- Bulgarian Chapter of ACM

-------------------

Date: Thu Feb 4 10:31:32 EST 1993
From: [email protected] (nicki lynch )
Subject: File 4--Proposition de nouvel "C2 Orange Book" aux USA

CONTACT:
Nickilyn Lynch
Computer Scientist, National Computer Systems Laboratory
National Institute of Standards and Technology (NIST)

The **PRELIMINARY DRAFT** of the U.S. Federal Criteria for Information
Technology Security (FC) (which will eventually replace the "Orange Book")
is available on-line. The files are located on the NIST Computer Security
Bulletin Board. When printed out, both volumes of the document total
approximately 280 pages double-sided.

By the second week of February, the FC (without the figures) should be
available in ASCII format at that site. The figures will also be available
individually in postscript form.

What follows are instructions on how to download the files from the site,
how to register your name for announcements, and how to send in comments.

+++++

TO DOWNLOAD THE FILES FROM NIST'S BBS

The following information is on obtaining the draft Federal Criteria from
the NIST BBS in electronic form. Please use these instructions for
obtaining the files:

You can obtain the files three ways:

* anonymous ftp (PostScript):

ftp to csrc.nist.gov (129.6.54.11)
user anonymous
password <your-e-mail-address>
cd pub/nistpubs
get fcvol1.ps, get fcvol2.ps
quit

* e-mail (PostScript)

Send the following message only to [email protected] (no subject
line necessary, use lower case):
send fcvol1.ps
send fcvol2.ps
The files will be e-mailed to your account.

[Moderateur: J'ai fait la demande par un simple message internet et j'ai
recu 3 fichiers: un accuse de reception de ma demande de 1,3K et deux fichiers
PostScript de 1012K et 894K]

* via a BBS and a modem (PostScript compressed w/ PKZIP)

Set parameters to 8 bit characters, no parity, 1 stop bit.
For 9600 BPS, dial 1-301-948-5140
For 2400 BPS, dial 1-301-948-5717
If not a registered user, follow instructions for registering.
Go to Files section, follow instructions for Downloading, file
names are fcvol1.zip, fcvol2.zip (files are compressed using the
PKZIP utility, which can also be downloaded here, filename is
pkz110.exe)

+++++

REGISTERING YOUR NAME

When you receive an electronic copy of the draft FC, please send us
you name, mailing address, telephone, and e-mail address to the e-
mail address listed below and state that you have an electronic
copy of the FC. If you distribute the document to additional people
in your organization, please send us the same information on those
people as well. We will put the names into our database for any
further announcements, meeting notices, draft announcements, etc.,
related to the effort. NIST will be sending out a LIMITED NUMBER
of hard copies, but due to the substantial expense of sending out
such a large document--even at book rate, we would prefer people
to receive the document electronic means. Therefore, by sending us
your name and the names of those in your organization who have
the downloaded copies of the document, it saves us from having to
send additional hard copies.

+++++

COMMENTS

We are soliciting TECHNICAL, SUBSTANTIVE comments on the document.
The deadline for comments is:

March 31, 1993

All those who contribute substantive comments will be invited to a two-day
workshop at the end of April 1993 to resolve the comments. The workshop
will be held in the Washington-Baltimore area in a to-be-announced
location.

Please send your comments to:

[email protected]

or, if you prefer, you can send us a 3.5" or 5.25" diskette in
MSDOS or UNIX format (please indicate which) to:

Federal Criteria Comments
ATTN: Nickilyn Lynch
NIST/CSL, Bldg 224/RM A241
Gaithersburg, MD 20899

We would prefer to receive electronic copies of comments and/or
name registrations, but we will also receive hardcopy comments/name
registrations at this same address. You can also contact us via
the following fax:

FAX: (301) 926-2733
(please note that this number will be active starting in March)

Thank you in advance for your interest in this effort.

Federal Criteria Group
National Institute of Standards and Technology

--------------------

Date: Tue Feb 2 11:41:25 EST 1993
From: TAWED%[email protected] (Ed Street )
Subject: File 5--Phreacking: Est-ce realisable?

Hey!!!!
I just recently came up with a way that we here could hack our way into the
telephone system. It involves dialing a long distance number and placing a
counter on the calling card number, if the card number is valid then there
is silence, if it's invalid then it returns a busy line.

I think that a computer with a modem could be programed to dial a selected
number and then place a counter on the calling card number, dial the two and
see if it's busy or not. If it's busy then cycle to the next card number. A
very simple algorithm. I was talking to one of my friends that works for the
press and he asked if it was realistic. I think that it would be. But the
only problem is that there is 9 digits to the calling card number. :-(

That's 999,999,999 possibilities! this part seems that it would be
unrealistic. What do you think?? Think that it could take a long time or a
short time. I even thought about getting together a hacking squad, assign a
range to each one to break up the time that it would take.

My friend in the press said that for anyone to believe it I would need proof,
a few simple numbers would sufice.

Any comments??

ed.
East Tennessee State University

--------------------

Date: Mon Dec 28 22:36:51 -0500 1992
From: [email protected] (Storm King ListServ Account )
Subject: File 6--Attention au CCCF (Reprint)
Copyright: Phrack, Inc., 1992

==Phrack Inc.==

Volume Four, Issue Forty-One, File 2 of 13

+++++
From: Synaps a/k/a Clone1 a/k/a Feyd
Date: September 2, 1992
Subject: Remarks & Warning!

Hi,

I've been a regular reader of Phrack for two years now and I approve fully the
way you continue Phrack. It's really a wonderful magazine and if I can help
its development in France, I'll do as much as I can! Anyway, this is not
really the goal of my letter and excuse me for my English, which isn't very
good.

My remarks are about the way you distribute Phrack. Sometimes, I don't
receive it fully. I know this is not your fault and I understand that (this
net sometimes has some problems!). But I think you could provide a mail
server like NETSERV where we could get back issues by mail and just by MAIL
(no FTP).

Some people (a lot in France) don't have any access to international FTP and
there are no FTP sites in France which have ANY issues of Phrack. I did use
some LISTSERV mailers with the send/get facility. Could you install it on
your LISTSERV?

My warning is about a "group" (I should say a pseudo-group) founded by Jean
Bernard Condat and called CCCF. In fact, the JBC have spread his name through
the net to a lot of people in the Underground. As the Underground place in
France is weak (the D.S.T, anti-hacker staff is very active here and very
efficient), people tend to trust JBC. He seems (I said SEEMS) to have a good
knowledge in computing, looks kind, and has a lot of resources. The only
problem is that he makes some "sting" (as you called it some years ago)
operation and uses the information he spied to track hackers. He organized a
game last year which was "le prix du chaos" (the amount of chaos) where he
asked hackers to prove their capabilities.

It was not the real goal of this challenge. He used all the materials hackers
send him to harass some people and now he "plays" with the normal police and
the secret police (DST) and installs like a trade between himself and them.
It's really scary for the hacking scene in France because a lot of people
trust him (even the television which has no basis to prove if he is really a
hacker as he claims to be or if he is a hacker-tracker as he IS!).
Journalists take him as a serious source for he says he leads a group of
computer enthusiasts.

But we discovered that his group doesn't exist. There is nobody in his group
except his brother and some other weird people (2 or 3) whereas he says there
is 73 people in his club/group. You should spread this warning to everybody
in the underground because we must show that "stings" are not only for USA!
I know he already has a database with a lot of information like addresses and
other stuff like that about hackers and then he "plays" with those hackers.

Be very careful with this guy. Too many trust him. Now it's time to be
"objective" about him and his group!

Thanks a lot and goodbye.

Synaps a/k/a Clone1 a/k/a Feyd

------------------------------

Date: Fri Feb 5 06:12:29 GMT 1993
From: Chantal CARTON, Novell (fax: 146989461)
Subject: File 7--Re: NTPASS, module chargeable sous NetWare

Cher Monsieur,

Le programme NTPASS pour lequel vous nous demandez notre avis est un NLM,
c'est a dire un module chargeable dynamiquement de NetWare v3.11. Pour l'
installer, il faut donc suivre le processus suivant.

- Il faut tout d'abord avoir acces physique au serveur. Nous tenons a
vous rappeler que les normes de securite C2 exigent que l'acces au ser-
veur soit protege et tout administrateur de reseau qui assure la securite
de son reseau met un acces physique sur les serveurs.

- Il faut ensuite avoir un acces logique au serveur: NetWare permet de
verrouiller la console par un mot de passe. Encore une fois cette fonc-
tionnalite est utilise par tous les administrateurs et superviseurs de
reseau quotidiennement.

- Il faut ensuite appeler "AccessData" qui demande le numero de serie de
NetWare et le numero de serie de NT PASS et qui alors, finalement, deli-
vre une cle d'acces. Ceci permet de changer (et non de restituer comme
semble le faire croire l'article) tous les mots de passe: ceci fait une
difference fondamentale car toute personne du reseau s'en rend compte im-
mediatement.

Qui, dans une societe, connait le numero de serie du systeme d'exploita-
tion NetWare a l'exception de l'administrateur ou du superviseur?

Donc, en resume, un utilisateur, a partir de son porte NE PEUT PAS ins-
taller ce logiciel et briser la securite de NetWare. Si les normes de
securite les plus elementaires sont respectees (surtout la premiere), ce
logiciel n'est pas utilisable.

Par contre, l'objectif initial de ce produit est respecte. En effet, il
permet a un administrateur qui aurait oublie le mot de passe superviseur
et qui n'aurait pas cree d'equivalent superviseur (et cela arrive...) de
se recreer un nouveau mot de passe pour retrouver l'acces a son serveur.

En esperant que ces elements repondent a votre question et restant a vo-
tre disposition pour tout renseignement complementaire, je vous prie de
croire, Monsieur, a l'expression de mes sentiments les meilleurs.

Chantal CARTON-DEMAZURE
Directrice du Marketing

------------------------------

Date: Sun Jan 10 13:00:58 -0500 1993
From: [email protected] (Chaos Computer Club France )
Subject: File 8--Reaction sur "The Little Black Book of Computer Virus"
Copyright: ComputerWorld, 1992

Virus fighters fume over little black book
Debate rages over merits of publishing codes
Byline: James Daly, CW Staff
Journal: Computerworld Page Number: 4
Publication Date: June 29, 1992

A little book is rattling a lot of chains in the computer security
business these days. A little black book, to be exact.

Only two weeks after being picked up by a small publishing house, The
Little Black Book of Computer Viruses has initiated as nasty and divisive a
free speech battle as this community has seen.

That is because the 178-page ebony volume is chock full of the
necessary source code for creating potentially destructive viruses. And for
$15, the less technically inclined can simply send in a coupon and order
floppy disks already loaded with compiled and executable virus programs.

Anger flames

Professional virus fighters such as Alan Solomon at S&S International
are madder than angry hornets over the publication. They are encouraging
anti-black book campaigns that include picketing author Mark Ludwig's
house, boycotting shops that sell the book, petitioning Congress and even
bringing in lawyers.

Others said the book is relatively harmless because any hacker who
really wants to get virus source code only has to dial up one of the
innumerable hacker bulletin boards to quickly and easily download dozens of
viruses.

Critics dismissed Ludwig's First Amendment defense as the
computational equivalent of yelling ''fire'' in a crowded movie theater.
Inherently 'evil'

''Any virus, by its nature, is evil, and Ludwig presents sample after
sample of ways to go about writing damaging code,'' said David Stang,
chairman of the International Computer Security Association in Washington,
D.C.

''The fundamental attraction of computers is that we can understand,
control and predict what they do,'' he added. ''We do not want that data
messed with, but Ludwig seems to think it's okay.''

Not true, according to Ludwig, who claimed the purpose of the book is
not destructive but educational.

''Computer viruses are not evil, and programmers have a right to
create them, possess them and experiment with them,'' Ludwig said. ''These
viruses are designed so that security people can see what a virus looks
like and how it behaves. How can anyone realistically be in charge of
security without having ever seen a virus?''

The book's jacket cautions that those who misuse its viruses can be
held legally liable, even if the misuse is unintentional. Additionally,
Ludwig said, the viruses in the book are protected by copyright law and
anyone who uses them without his permission will be subject to both civil
and criminal prosecution.

Stang has suggested that if Ludwig's altruistic claims are true, then
he should offer to donate the proceeds from The Little Black Book of
Computer Viruses to a fund that would fight the spread of damaging computer
viruses.

Others have suggested that Ludwig should have included ''pseudo-code''
versions of the viruses, which contain enough information to illustrate a
point without providing a full working virus.

First in a series

The book is scheduled to be the first in a series of three books about
computer viruses. Ludwig first published the book himself last year and
became its primarily salesman after it was reportedly turned down by a
succession of publishers.

The Upland, Pa.-based Diane Publishing Co. picked up the distribution
rights to The Little Black Book of Computer Viruses earlier this month.

''We see nothing wrong with it,'' Diane Publishing President Herman
Baron said. ''We put it out for the simple reason that it fits in with our
catalog of computer security books.''

------------------------------

End of Chaos Digest #1.07
************************************