Previous Next Index Thread

Cu Digest, #7.90

Computer underground Digest    Sun  Nov 19, 1995   Volume 7 : Issue 90
                           ISSN  1004-042X

       Editors: Jim Thomas and Gordon Meyer (TK0JUT2@MVS.CSO.NIU.EDU
       Archivist: Brendan Kehoe
       Shadow Master: Stanton McCandlish
       Field Agent Extraordinaire:   David Smith
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #7.90 (Sun, Nov 19, 1995)

File 1--Masses resist the Internet, study shows
File 2--Espionage Charges against Kevin Poulsen Dropped
File 3--5.8 Million Are Said to Be Linked to Internet the in U.S
File 4--Re: Attention Spammer: The War Has Started
File 5--Internet Hacking isn't just for Unix kiddiez anymore
File 6--The Great Decency Fake-out
File 7--"Computer Crime: A Crimefighter's Handbook"
File 8--Tyranny & mutation: "Giant Black Book of Computer Viruses"
File 9-- (VTW) BillWatch #25
File 10--FBI Targets Expected Growth In Computer Crime
File 11--Cu Digest Header Info (unchanged since 5 Nov, 1995)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date:    Sun, 12 Nov 95 15:40 CST
From: jthomas@sun.soci.niu.edu
Subject: File 1--Masses resist the Internet, study shows

Masses resist the Internet, study shows

By James Coates
Chicago Tribune Computer Writer
Copyright Chicago Tribune (c) 1995

Computer sales are booming and the whole country is abuzz with talk of
information superhighways, but only a relative handful of Americans
have ever gotten their modems to take them on-line.

Just 14 percent of the country's households have successfully used
modems to get on-line even once, according to a major study of
national computing habits by the Times Mirror Center for the People
and the Press.

And most of those, the study found, go on-line only to use e-mail and
not to take advantage of the many other wonders of the Internet.
                             ....................

------------------------------

Date:    Sun, 12 Nov 95 15:40 CST
From: jthomas@sun.soci.niu.edu
Subject: File 2--Espionage Charges against Kevin Poulsen Dropped

U.S. Drops Case of Spying by Computer
Source: New York Times, Nov. 12, 1995 (p. 26)

    SAN JOSE, Calif, Nov 11 (AP)--Federal prosecutors have dropped an
espionage charge against a coputer hacker, saying the military
document found in his possession was obsolete.

The charge was dropped on Thursday in exchange for a guilty plea to
unrelated offenses involving unauthorized intrusions into the files of
the Pacific Bell Telephone Company.

The hacker, Kevin L. poulsen, 30, is already serving a four-year
prison term for rigging radio station contests in Los Angeles, where he
was arrested in 1991.  Prosecutors in the San Jose case agreed that
Mr. Poulsen would be eligible for release in May, after spending five
years in custody.
                           ..............

------------------------------

Date: Sun, 12 Nov 1995 03:24:27 -0600
From: jthomas@SUN.SOCI.NIU.EDU(Jim Thomas)
Subject: File 3--5.8 Million Are Said to Be Linked to Internet the in U.S

Source: The New York Times Sept. 27, 1995

Who Uses the Internet? 5.8 Million Are Said to Be Linked in U.S.

By STEVE LOHR

   Measuring the Internet population is a daunting challenge given the
amorphous nature of cyberspace, with its lack of borders and its
culture of anonymity.

   The latest attempt comes from O'Reilly & Associates, a publisher of
computer books and Internet software, in a report to be published
Wednesday.  And the results look conservative: 5.8 million American
adults are connected directly to the Internet. Another 3.9 million
American adults use only commercial on-line services, like America
Online, Compuserve and Prodigy.

   Estimates of Internet use worldwide have often ranged to more than
30 million, with the United States representing perhaps half of the
total.

                           .....................

   The O'Reilly research found that 67 percent of those with direct
Internet access are male and over half are between the ages of 18 and
34. Their median household income was between $50,000 and $75,000, and
nearly half work in organizations with more than 1,000 employees.

                           .....................

Copyright 1995 The New York Times

------------------------------

Date: Mon, 6 Nov 95 18:13 PST
From:  Michael Gersten <michael@STB.INFO.COM>
Subject: File 4--Re: Attention Spammer: The War Has Started

Well, I'd say that you've got one major bad assumption, and one
questionable assumption.

The first major bad assumption is that you can open a connection to
the mail port (25) on any real system.

I'm running a system where you can't. Lots of people have systems like
this.

You can, if you knew the "real" name of my system, open a connection
to port 25. It's just that the name of my system changes every time I
connect to my ISP. This is called dynamic addressing. The name
"stb.info.com" actually uses an MX record to a friend's site, and a
uucp connection (over the net, of course) for final delivery. Other
sites I'm told use POP or some other remote fetch protocol. I've seen
plenty of real systems that can be pinged, that do not run smail at
all -- they rely on the MX records to send mail elsewhere.

The point is, just parsing the headers from mail will only tell you
what system to try to mail back to, not necessarily what the real IP
location is.

So, if you actually implemented what you said there, then any posting
from my site would be discarded as a forgery. Not good.

The questionable assumption is that everyone is two hops or less. I
really doubt that is true for FIDO hosts. Back when I was a UUCP host
(3 years ago) it was very untrue -- I saw lots of mail with more than
two hops. I don't know how much of a problem this is today. But I'd go
with more than two hops. Problem is, I think that defeats the whole
point of this proposal.

Another questionable assumption: The list of three and two letter top
level names is known.


This is not a joke. What happens when a new top level domain is
introduced? Yes, it's rare, but when a country breaks up and a whole
bunch of new countries are created, it happens. It almost happened
about a week ago, but we still have just "ca", and not "qb".

Another bad assumption: You can even tell if something is a valid name.
Many sites run smail/sendmail with the "vrfy" command disabled -- so
you can't tell what user id's are at a particular site.

------------------------------

Date: Sun, 12 Nov 1995 09:48:04 +1494730 (PST)
From: Christopher Klaus <cklaus@ISS.NET>
Subject: File 5--Internet Hacking isn't just for Unix kiddiez anymore

|Subject--Internet Hacking isn't just for Unix kiddiez anymore

|[To get on mailing list, Alert, send a message to alert-request@iss.net
|and within the message, type: subscribe alert ]

        File Sharing: Dangerous on your network.

We have begun looking into Windows NT/95 OS and what it offers in its
networking capabilities.  What we have found might be of interest
to others security-wise.

You can quickly scan a network, identify any win95/NT machine,
grab a list of the resources available through the machine,
and attempt to access those resources. Once we achieve access to a file shared
resource, we attempt to see if the ".." bug exists.  There is also
the users on the machine itself that we send a message to that they have
been scanned.

Some of the problems with Win95/NT/WfWg is the same problem that exists
in almost every configurable device on the network: that the users
have not configured it securely.  We have found most people who set up
sharable directories have left them passwordless.  This allows
any intruder on the Internet to steal to those files and possible
modify them/delete them.

The password mechanism on these systems has another flaw no one has talked
about before.  We have automated a password checking scheme in our scan.
Here is the choice of possible passwords we try:

 - Typical user passwords such as WORKGROUP, WINDOWS, USER, etc...
 - Passwords derived from the list of resources and users logged in.
 - Passwords attempted from a dictionary file supplied by the administrator
   or the standard Internet Scanner dictionary.

As you are well aware of, that even when a password is used, the chance
of finding a easily guessible password is quite high.  With the scans we
have done, we are doing the brute force attack at about 200 passwords/second.
We do about 18,000 passwords attempts in under 2 minutes.

Windows 95 has no control of locking out further access attempts
so the intruder can endlessly pound away on your machines.

Windows 95 has no logging of any of these attempts.  An intruder can not only
try quite a large number of passwords in a short period of time, there
is no log of these attempts.  Knowing someone is attempting to attack
is as important as fixing the problems themselves.

Once the scan accesses a file shared directory, it attempts
to determine if the machine is vulnerable to the ".." bug.  This bug
allows intruders to access the rest of the hard drive, even though
the machine is configured to only allow access to a certian directory.
The bug is effective because the OS does not properly check for "..", "...",
and "..\" which would give you access to directories above the directory file
shared.  This same type of bug is found on older NFS implementations on Unix.
Microsoft has put out patches for this bug at http://www.microsoft.com/windows

The scanner will now also send a message through the popup program to let
the users know they were scanned.  The problem with this utility
is that the popup program lacks any authentication, therefore an intruder
could masquarade as the administrator and tell everyone to make their
directories sharable because he/she needs access to it.  It would not
be the first time a user fell prey to this type of attack.


Here are some future improvements in security for the resource sharable
file system:

(Some of these features may be on NT, but were not seen on Win95.)

 - better logging of bruteforce attempts
 - put a delay in there after each bad password attempt to slow down
        brute force attacks
 - possibly locking out file sharing attempts after X number of tries
 - allow/deny capabilities based on host addresses
 - better authentication of popup messages

User education needs to take place to ensure proper configuration.
Here are some essential procedures to follow to have a more secure network:

 - users need to password protect all resources
 - users must pick difficult to guess passwords
 - users should never give others access or passwords to their systems
   unless it is through an authenticated process
 - users should install the security patches provided by vendors

Firewalls:

  The SMB protocol, through which file sharing takes place, is on udp/tcp
ports 137, 138, and 139.  Make sure your firewalls/routers block
these ports.

  -------------------------------------------------

Copyright

This paper is Copyright (c) 1994, 1995
   by Christopher Klaus of Internet Security Systems, Inc.

Permission is hereby granted to give away free copies electronically.
You may distribute, transfer, or spread this paper electronically. You
may not pretend that you wrote it. This copyright notice must be
maintained in any copy made.  If you wish to reprint the whole or any
part of this paper in any other medium excluding electronic medium,
please ask the author for permission.

Disclaimer

The information within this paper may change without notice. Use of
this information constitutes acceptance for use in an AS IS condition.
There are NO warranties with regard to this information. In no event
shall the author be liable for any damages whatsoever arising out of
or in connection with the use or spread of this information. Any use
of this information is at the user's own risk.

Address of Author

Please send suggestions, updates, and comments to:
Christopher Klaus <cklaus@iss.net>
        of Internet Security Systems, Inc.  <iss@iss.net>

Internet Security Systems, Inc.

Internet Security Systems, Inc, located in Atlanta, Ga., specializes in the
developement of security scanning software tools. Its flagship product,
Internet Scanner, is software that learns an organization's network and probes
every device on that network for security holes. It is the most comprehensive
"attack simulator" available, checking for over 100 security vulnerabilities.


--
Christopher William Klaus            Voice: (770)441-2531. Fax: (770)441-2431
Internet Security Systems, Inc.            "Internet Scanner lets you find
2000 Miller Court West, Norcross, GA 30071   your network security holes
Web: http://iss.net/  Email: cklaus@iss.net   before the hackers do."

------------------------------

Date: Tue, 31 Oct 95 22:29:01 PST
From: jblumen@interramp.com
Subject: File 6--The Great Decency Fake-out

 The Great Decency Fake-out

Congressmen and senators are meeting with each other right now
to decide which of two competing versions of the Telcom Reform Act
should be adopted as law. Whichever they choose, they will be able
to send you to prison for saying "Fuck" on the Internet.

We got to this serious and dangerous pass by way of a five act
comedy.

Act I: June. Senator Exon waved his blue book of pornography on the
Senate floor, frothing at the mouth about "pornographers, pedophiles
and predators." The Senate passed the Communications Decency
Act (CDA) by a vote of 84-16, banning unspecified "indecent" speech
online. Numerous commentators point out that the CDA is
ridiculously vague and would certainly ban speech that is
perfectly legal offline.

Act II: June. White knight and futurist Newt Gingrich goes on TV and
announces that the CDA is unconstitutional. Everyone breathes a
sigh of relief because it is well known that this man runs the
House with an iron hand--the CDA will not get through.

Act III: August. The House passes its version of the Reform Act.
True to Gingrich's word, the CDA never even comes up for
consideration. Instead, the unusual Cox-Wyden act is adopted, vaguely but
gloriously praising the Internet as a method of communication,
education and community building but not actually implementing
any legal measures. Spectators declare victory--Gingrich has killed
the CDA.

Act IV: August. The discovery is made that a last minute "manager's
mark amendment" added to the Reform Act would ban the depiction or
description of sexual or excretory organs or functions online.
Most of the Congressmen voting in favor of the final version of
the bill don't even know its there. No-one's name is on it, no-one
knows how it got there. Fewer still understand that this is the
exact language Congress passed into law some years ago to define
indecency on television.

Act V is happening now. The conference committee is looking to
create a compromise version of the Act. Whether it adopts the
CDA (unlikely) or the manager's mark version, it will become illegal
to say anything on the Net you couldn't say on the radio or TV.
The phrase "Fuck the Telcom Reform Act" would get me sent to
prison.

Question: If Gingrich runs the House as tightly as they say, could
this have possibly happened without his knowing? Or have we just
witnessed the Great Decency Fake-out, the ceremonial death of the
CDA and its quiet replacement with something equally lethal?
Why, if the Cox-Wyden bill opposes the F.C.C.'s intervention in the
Internet, did the House adopt a television-style decency standard?

The only reason the Supreme Court has permitted greater regulation of
broadcast media than print is because of scarcity: the government
is already involved in allocating bandwidth, so its not a big step
to regulating content. THIS IS THE WRONG METAPHOR FOR THE INTERNET.
The net is a constellation of printing presses and bookshops and
should be regulated like print media. The indecency standard
adopted by the manager's mark amendment would be clearly
unconstitutional if applied to print media. Let's not let the
Congress put one across on us by applying a more restrictive standard
to the Internet.

Where are the petitions, the mobilization, the concern? The
manager's mark amendment is more dangerous than the CDA,
which had two strikes against it: it was unconstitutionally vague,
and it attempted to apply broadcast standards to the Net. The
manager's mark amendment avoids the vagueness problem. WRITE YOUR
CONGRESSPERSON NOW, especially if he or she is on the conference
committee (CuD has printed the list in a recent issue). Or write to
Mr. Gingrich at georgia6@hr.house.gov.

------------------------------

Date: Wed, 01 Nov 1995 17:15:30 EST
Message-ID: <00998C06.1C7432C0.24275@mukluk.hq.decus.ca>
Subject: File 7--"Computer Crime: A Crimefighter's Handbook"

BKCMPCRM.RVW   951004

"Computer Crime: a Crimefighter's Handbook", David Icove/Karl Seger/William
VonStorch, 1995, 1-56592-086-4, U$24.95
%A   David Icove
%A   Karl Seger
%A   William VonStorch
%C   103 Morris Street, Suite A, Sebastopol, CA   95472
%D   1995
%G   1-56592-086-4
%I   O'Reilly & Associates, Inc.
%O   U$24.95 519-283-6332 800-528-9994 rick.brown@onlinesys.com 800-998-9938
%O   707-829-0515 fax: 707-829-0104 nuts@ora.com
%P   464
%S   Computer Security
%T   "Computer Crime: a Crimefighter's Handbook"

As a guide for law enforcement personnel and systems managers, this
provides a good overview and introduction to computer crime and the
actions to take against it.  Touching on crime, prevention and
prosecution, the book is practical and helpful to those needing to get
a quick handle on the problem.

It is, however, easily evident that the authors are law enforcement,
rather than systems, professionals.  Those expecting a technical
discussion, from the O'Reilly imprimatur, will be disappointed.  The
book started life as an official FBI training manual.  The
explanations and concepts are elementary--and are intended to be so.
Thus, while it might be possible to argue (rather weakly) for the
definitions of viruses, worms and other malware as described in the
book, security experts will likely feel a bit uncomfortable with them.
The abdication of discussion on encryption is not going to help those
who want to help protect their systems.  (On the other hand, there is
nothing to indicate any political bias in regard to encyption.)  The
bibliography, though, is of good quality, and should make up for the
technical shortcomings in this work.

I am delighted to see, for once, not only mention but actual listings
of computer laws from outside of the US.  The coverage is still a bit
lopsided, with 130 of US federal and state statues and less than
twenty devoted to the rest of the world, but it's a start.

copyright Robert M. Slade, 1995   BKCMPCRM.RVW   951004

======================
DECUS Canada Communications, Desktop, Education and Security group
newsletters roberts@decus.ca    slade@freenet.victoria.bc.ca
Rob_Slade@mindlink.bc.ca Author "Robert Slade's Guide to Computer
Viruses" 0-387-94311-0/3-540-94311-0

------------------------------

Date: Fri, 10 Nov 1995 00:48:01 -0600 (CST)
From: Crypt Newsletter <crypt@sun.soci.niu.edu>
Subject: File 8--Tyranny & mutation: "Giant Black Book of Computer Viruses"

In 1990 Mark Ludwig published "The Little Black Book of Computer
Viruses."  It contained the source code for four computer
viruses, one of which - Stealth Boot - has become one of the more
common computer viruses infecting business and home PC's worldwide.
[The virus, known as Stealth Boot C, is the same as the copy
published in the second printing of "The Little Black Book of
Computer Viruses."] As a result, by 1992 Ludwig (also my publisher,
incidentally) was a pariah in conservative computing circles, fit
predominantly for freak-flag-fly-type stories on viruses as artificial
life in WIRED magazine or bad craziness and hate parties at assorted
computer security conferences. In 1990 Ludwig wrote, rather
accurately in retrospect, "[Stealth Boot] is _highly contagious_ . . .
once it's infected several disks, it is easy to forget where it's gone.
At this point, you can kiss it good-bye."  Even the printing business
Ludwig uses for his books was infected with Stealth Boot during
production runs, according to the author.

The introductory parts of Ludwig's new "Giant Black Book of
Computer Viruses" (American Eagle trade paperback, 664 pages)
feature a tone more baldly revolutionary than his previous books.
It's a pitch that resonates with many outsiders - the militias, tax
resisters, Internet anarchists, true believers of New World Order
conspiracy orthodoxy - convinced a big takeover by the
military-industrial complex is imminent. In a segment on "military
applications" of computer viruses Ludwig writes, "Putting military
grade weapons in the hands of ordinary citizens is the surest way to
keep tyranny at bay."  We are moving toward an "Orwellian god-state"
he says, and "the Orwellian state is vulnerable to attack -- and it
should be attacked . . . Perhaps we have crossed the line [of this
state] or perhaps we will sometime between when I [write] this and
when you are reading.  In such a situation, I will certainly sleep
better at night knowing that I've done what I could to put the tools
to fight in people's hands."  Ironically, even extremist Soldier of
Fortune magazine has dropped Ludwig's advertising with nary a word of
explanation. For it, computer viruses are now apparently more feared
than serrated truncheons, pepper spray, assault weapons and
advertising for military adventurers and hit-men.

Dire stuff this is, and the remainder of the "Giant Black Book" is
no exception, with segments devoted to boot sector-infecting
computer viruses, writing "droppers" for them - for example,
the complete source code for Stoned and a diskette-infecting
launcher for it; file-infecting viruses for a multiplicity of
operating systems, virus stealthing; complicated, exotic encryption
schemes aimed at defying anti-virus scanning; and anti-security
measures designed to make clumsy or incomplete disinfection of
Ludwig's viruses a task fraught with the possibility that the
replicating programs will destroy the data structures on the infected
machine in retribution.  Portions of the book are reprints or
clean-ups of articles which have appeared over the past couple of
years in Ludwig's Computer Virus Developments Quarterly and its
successor, Underground Technology Review, which have ceased
publication.

The only other books in the arena even remotely reminiscent of
Ludwig's newest - beside his own stuff - is Ralf Burger's
"Computer Viruses -- A High-Tech Disease," published in 1988 by
a company, Abacus, also in the business of marketing Burger's
anti-virus software.  However, Burger's chapters on simple
overwriting viruses and the mutilation of computer data coupled
to simulation of horrible hardware problems with software - besides
being simplistic and dated - lacks the weird joie de vivre Ludwig's
"Giant Black Book" flashes in assembly language-illustrated tracts
on choosing between formulations of sudden, unexpected data
incineration or creeping file corruption - routines perhaps perfected
while Ludwig was writing destructive code for a US Army group
attached to NATO a couple of years ago.

Those who worry about presumed virus-writing churls from the Internet
getting a copy should stop right now.  Real life probably won't be
quite as predictable. Even though the "Giant Black Book" is genuinely
menacing-looking (the cover's straight outta DOOM), for the truth
to be told experience suggests most would-be and practicing
virus-writers are either too penniless to purchase it, too oblivious
to everything but their own transient concerns to read it carefully
enough so it really hurts, or too bitterly envious of Ludwig for
making a living selling viruses which they've been unable to trade
for even a bag of chipped wampum, to make much of the virus code
and tutorials which constitute the backbone of the book. History
also indicates that it's not a big jump to see that as with
"The Little Black Book," one or two of the "Giant Black Book's"
Ludwig viruses could wind up in circulation on
national computers within two to three years, resulting in an
indeterminate amount of garment rending, trashed data and lost money,
blood on the floors of information systems departments, insane
shouting, and kill crazy editorializing in computer security
publications, none of which will have any impact on the perverse
reality of the world of computer viruses.

There's a part near the end of the "Giant Black Book," written
with an X-file-ish sci-fi whiff of looming future techno-anarchy.
Those comfortable with the reading material found in comic books
devoted to the current fascination with cyberpunk, computer network
dystopia, mysterious helicopter flights over the hinterlands, and
rental vans packed with bags of fuel oil-soaked ammonium nitrate will
be interested. As for the bottom line on "The Giant Black Book of
Computer Viruses": Like all Ludwig's books, it's a distinctly
unusual acquired taste requiring a small but significant amount of
technical acumen to crack. But it's also as interesting a read as
you'll find if you're one with the stones for it.

"The Giant Black Book of Technological Booby Traps, er, Computer
Viruses" -- $39.95 cash money from American Eagle, Show Low, Arizona.
(ISBN 0-929408-10-1)

 ----Crypt Newsletter
 http://www.soci.niu.edu/~crypt

------------------------------

Date: Mon, 20 Nov 1995 13:39:09 -0500 (EST)
From: Voters Telecommunications Watch <shabbir@VTW.ORG>
Subject: File 9-- (VTW) BillWatch #25
                               VTW BillWatch #25

       VTW BillWatch: A weekly newsletter tracking US Federal legislation
     affecting civil liberties.  BillWatch is published at the end of every
        week as long as Congress is in session. (Congress is in session)

                   BillWatch is produced and published by the
                 Voters Telecommunications Watch (vtw@vtw.org)
                             (We're not the EFF :-)

                 Issue #25, Date: Mon Nov 20 13:35:16 EST 1995

     Do not remove this banner.  See distribution instructions at the end.
 _________________________________________________________________
TABLE OF CONTENTS
        Announcements

        The dangers of the new censors

        Subscription and Redistribution Information (changed 10/21/95)

  _________________________________________________________________
ANNOUNCEMENTS

We continue to put off the Health Care Records Privacy examination.  We're
just really occupied with our core issue, the net censorship legislation.
You should have an alert in your mailbox about it right now.
This issue contains:

-an essay from Steven Cherry (VTW Board) about another flavor of censor

Remember, take this opportunity to call Congress and ask them to not
censor the net.  The net is literally fighting for its life right now.

There will be no BillWatch this week due to Thanksgiving.

Shabbir J. Safdar

PS This issue can be found in HTML form at
 URL:http://www.vtw.org/billwatch/issue.25.html

  _________________________________________________________________
THE DANGERS OF THE NEW CENSORS

BillWatch has recently descried the Christian right as embodying the
forces of censorship. Besides being taken to task, quite properly, for
there being no real organization represented by the phrase "Christian
right," we have been reminded recently that there are other forces of
censorship at work.

Perhaps the most pernicious is the force of self-censorship. One instance
of this is the demand that "responsible" corporations and individuals
restrict their own speech, so that the government doesn't have to. We have
even heard it asserted that search engines shouldn't show the location of
indecent material "because children rely on these search tools." (Note
that this is not meant to be an exact quote.)

Leaving aside the question of whether children really do rely on search
engines (I wish my own child would do more of that instead of surfing!) we
have to ask ourselves, once again, whether we really want to child-proof
the Net, placing unscrewable caps on seach engines, three-foot high locked
fences on every newsgroup, and guard-rails on every Web client.

Imagine calling for childproofing the New York City Subway system, or the
Smithsonian museum. I don't mean ridding these of their 17th century nude
art or their graffiti, I mean, imagine childproofing these public spaces
in the way you do your home when you have a baby that's just beginning to
walk.

Right now, we rely on parents to keep their toddlers off the statuary and
the third rail. Why is it not appropriate to ask parents to keep their
children out of certain places on the public Internet?

Steven Cherry
VTW Advisory Board
stc@vtw.org

  _________________________________________________________________
SUBSCRIPTION AND REPRODUCTION INFORMATION

You can receive BillWatch via email, fax, gopher or WWW:

To subscribe via email, send mail to majordomo@vtw.org with
"subscribe vtw-announce emailaddress" in the body of the message.  To
unsubscribe from BillWatch send mail to majordomo@vtw.org with
"unsubscribe vtw-announce" in the body of the message.  Send mail to
files@vtw.org with "send billwatch" in the SUBJECT LINE to receive the
latest issue of BillWatch.

To subscribe via fax, call (718) 596-2851 and leave the information
requested by the recording.  You may unsubscribe by calling the same
number.

BillWatch can be found on the World Wide Web at
http://www.vtw.org/billwatch/

BillWatch can be found in Gopherspace at:
gopher -p1/vtw/billwatch/ gopher.panix.com

Permission to reproduce BillWatch non-commercially is granted provide the
banner and copyright remain intact.  Please send a copy of your non-commercial
publication to vtw@vtw.org for our scrapbook.  For permission to commercially
reproduce BillWatch, please contact vtw@vtw.org.

------------------------------

Date: Sun, 15 Nov 1995 03:24:27 -0600
From: jthomas@SUN.SOCI.NIU.EDU(Jim Thomas)
Subject: File 10--FBI Targets Expected Growth In Computer Crime

The Washington Post
November 14, 1995

FBI Targets Expected Growth In Computer Crime
New Offices to Focus On Scams on the Internet
By Michelle Singletary; Elizabeth Corcoran
Washington Post Staff Writers

The Federal Bureau of Investigation is beefing up its fight
against computer crime. In the next few weeks, the agency said it
will open an office in New York dedicated to investigating
computer crime. Law enforcement officers opened a similar office
in San Francisco last month.

A Washington office, which handles international cases, was
established in 1993.

The San Francisco office will keep a close eye on activities in
Silicon Valley, while the New York squad will handle
financial-related computer crimes. Each computer crimes squad
will have a staff of 14 to 15.

                         ...................

------------------------------

Date: Sun, 5 Nov 1995 22:51:01 CDT
From: CuD Moderators <cudigest@sun.soci.niu.edu>
Subject: File 11--Cu Digest Header Info (unchanged since 5 Nov, 1995)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send a one-line message:  SUB CUDIGEST  your name
Send it to  LISTSERV@VMD.CSO.UIUC.EDU

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at:  Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message:   UNSUB CUDIGEST
Send it to  LISTSERV@VMD.CSO.UIUC.EDU
(NOTE: The address you unsub must correspond to your From: line)

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on  internet);
and on Rune Stone BBS (IIRGWHQ) (203) 832-8441.
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.

EUROPE:  In BELGIUM: Virtual Access BBS:  +32-69-844-019 (ringdown)
         Brussels: STRATOMIC BBS +32-2-5383119 2:291/759@fidonet.org
         In ITALY: ZERO! BBS: +39-11-6507540
         In LUXEMBOURG: ComNet BBS:  +352-466893

  UNITED STATES:  etext.archive.umich.edu (192.131.22.8)  in /pub/CuD/
                  ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
                  aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
                  world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
                  wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
  EUROPE:         nic.funet.fi in pub/doc/cud/ (Finland)
                  ftp.warwick.ac.uk in pub/cud/ (United Kingdom)


The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
  URL: http://www.soci.niu.edu/~cudigest/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may  be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission.  It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified.  Readers are encouraged to submit reasoned articles
relating to computer culture and communication.  Articles are
preferred to short responses.  Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Digest contributors assume all
            responsibility for ensuring that articles submitted do not
            violate copyright protections.

------------------------------

End of Computer Underground Digest #7.90
************************************