Computer underground Digest Sun Apr 27, 1997 Volume 9 : Issue 33 ISSN 1004-042X Editor: Jim Thomas (cudigest@sun.soci.niu.edu) News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu) Archivist: Brendan Kehoe Shadow Master: Stanton McCandlish Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Field Agent Extraordinaire: David Smith Cu Digest Homepage: http://www.soci.niu.edu/~cudigest CONTENTS, #9.33 (Sun, Apr 27, 1997) File 1--Wired news: German Network Lifts Ban on Dutch ISP (fwd) File 2--Effective blockade on the Internet impossible (AP newswire) File 3--HACK - Censorship as system failure; route around... File 4--Demand letter - Milburn v. Hasselton?? File 5--Fwd: More news about DES... File 6--NSF out of DNS, what comes next? File 7--Texas CyberWar - Tx Telecom Jrnl (fwd) File 8--Cu Digest Header Info (unchanged since 13 Dec, 1996) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. --------------------------------------------------------------------- Date: Thu, 24 Apr 1997 15:22:36 +1000 (EST) From: Peter Tonoli Subject: File 1--Wired news: German Network Lifts Ban on Dutch ISP (fwd) From-- tank To-- tank@xs4all.nl Date-- Wed, 23 Apr 1997 11:39:04 +0200 (MET DST) >From www.wired.com: German Network Lifts Ban on Dutch ISP With mirror sites defeating its attempt to shutter a left-wing magazine, Germany's main academic network has called off the blockade. The network acted 11 April after prosecutors warned that Radikal magazine, hosted by Dutch ISP XS4ALL, was illegal. The network then blocked XS4ALL, which hosts 6,000 Web sites. Protests included widespread mirroring of Radikal. "An effective barrier to the illegal content was not possible," a network spokesman told the Associated Press Tuesday. XS4ALL Internet BV - Felipe Rodriquez-Svensson - finger felipe@xs4all.nl for Managing Director - - pub pgp-key 1024/A07C02F9 ------------------------------ Date: Thu, 24 Apr 1997 10:38:59 +0200 (MET DST) From: Felipe Rodriquez Subject: File 2--Effective blockade on the Internet impossible (AP newswire) This was was sent in Germany on tuesday, i got the translation today: "Effective blockade on the Internet impossible" Frankfurt/M, April 22 (AP) Effectively barring information of a certain kind from the Internet is not possible. That is the outcome of a week long blockade by Deutsche Forschungsnetz (DFN) of the Dutch Internet provider XS4ALL (meaning Access for All), which was lifted Monday evening. "It has been demonstrated that an effective blockade of illegal information has not been within the bounds of possibility" said DFN spokesman Klaus)Eckart Maass to AP news agency last Tuesday. Other Web servers, according to Mr Maass, have set up mirror sites of the online edition of the underground magazine "Radikal", published via XS4ALL, that is, it has been copied and been made accessible to the public. But this only served to put "Radikal" really in the picture. Besides, he had been faced with a flood of protest and abuse from the Internet, Mr Maass said. "Maintaining the blockade was not feasible." With their measure of 11 April, DFN responded to a letter from the Federal Criminal Investigation Department, pointing out the illegal contents of the magazine. Issue no. 154 of the radical left wing magazine contains a "Short Guide to hindering railway transports of all kinds" a manual describing how attacks can be made on the tracks on which the nuclear waste transports to Gorleben take place. On account of the Telecoms Bill, which received its second reading in the federal parliament on Friday, he is obliged to bar access to material on the Internet as soon as he learns of any illegal contents, Mr Maass explained, provided this is technically feasible. Protests from Serbia's opposition broadcasting station B92 As suppressing separate Web)pages is technically not possible, DFN cut off all access to the Dutch provider, which offers more than 6,000 different information sites among which those of Serbian opposition broadcasting station B92 and several others in the scientific field. "I cannot undertake anything that hampers scientific developments", said Mr Maass. Three DFN users complained they were no longer able to reach archeological and other information at XS4ALL. DFN, to which all German universities are connected, is used by about 500,000 users to obtain access to the Internet. Protests also came from B92, as the broadcasting station found its efforts to further the cause of democracy in Serbia thwarted by the blockade. In September of last year several commercial Internet providers had already blocked XS4ALL temporarily out of concern, so they said, that the measures taken by the law could take on such dimensions as would endanger their very existence. This action gave rise to fierce protests on the Internet, but also caused XS4ALL to remove issue 154 of "Radikal" from the server temporarily. It has not come to that during this recent blockade. Speaking out on the renewed blockade, XS4ALL said they were surprised, stating that censoring measures on the Internet had repeatedly proved to be counter productive. "As a provider we take the position that we cannot curtail freedom of opinion", XS4ALL spokesman Felipe Rodriquez-Svensson said. If there are doubts about the legitimacy of "Radikal" in the Netherlands, they should be settled in a Dutch court. ------------------------------ Date: Wed, 23 Apr 1997 23:12:37 EDT From: Martin Kaminer Subject: File 3--HACK - Censorship as system failure; route around... Date--Wed, 23 Apr 1997 11:33:37 -0500 (CDT) From--FringeWare News Network Sent from: heath m rezabek http://www.news.com/News/Item/0,4,9964,00.html Teen bypasses blocking software By Courtney Macavinta April 22, 1997, 5:30 p.m. PT A teenager is using his Web site to help others bypass one brand of filtering software intended to protect minors from illicit Net material. Using the "CYBERsitter codebreaker" from 18-year-old Bennett Haselton, surfers can now decode the list of all Net sites blocked by Solid Oak's Cybersitter software. Haselton--the founder of a teen organization called Peacefire that fights Net censorship--contends that the software violates free speech rights for adults and teen-agers. He claims the software is also falsely advertised because it promises parents the "ability to limit their children's access to objectionable material on the Internet," but also blocks other content on the Net. Haselton's campaign to get around Cybersitter has Solid Oak's president seeing red. Solid Oak denies Haselton's charges and is investigating the legality of the code-breaking program. "He doesnUt know anything, and he's just a kid," Solid Oak President Brian Milburn said today. "We have never misrepresented our product--ever." Haselton's Cybersitter codebreaker can be used to crack a coded list of the sites that CYBERsitter blocks. The list is distributed to subscribers to notify users what sites are being blocked. Subscribers pay $39.95 for the software. The software blocks sites containing any words describing genitals, sex, nudity, porn, bombs, guns, suicide, racial slurs and other violent, sexual and derogatory terms. The list also blocks an array of sites about gay and lesbian issues, including PlanetOut and the International Gay and Lesbian Human Rights Commission . Cybersitter even blocks the National Organization for Women because it contains information about lesbianism, Solid Oak stated. "The NOW site has a bunch of lesbian stuff on it, and our users don't want it," said Milburn. The software also filters any site that contains the phrase "Don't buy CYBERsitter" as well as Haselton's own site and any reference to his name. Milburn says Haselton's campaign is hurting the product's marketability and hinted that the company will stop him, but wouldn't say exactly how. "We have users who think they purchased a secure product. This is costing us considerably," Milburn said. "But we're not going to let Bennett break the law." He did point out that Haselton's program to decode the software may violate its licensing agreement, which states: "Unauthorized reverse engineering of the Software, whether for educational, fair use, or other reason is expressly forbidden. Unauthorized disclosure of CYBERsitter operational details, hacks, work around methods, blocked sites, and blocked words or phrases are expressly prohibited." Haselton is undaunted by the suggestion of legal reprecussions. "I've talked to a lawyer who offered to represent me in the event that Cybersitter goes after me," he added. Haselton, a junior at Vanderbuilt University, argues that the software doesnUt protect kids from smut, but just keeps them from learning new ideas. "Blocking software is not the solution to all of our problems. What's dangerous is not protecting [teenagers' free] speech on the Net as well," he said. "This is the age, when you form your opinions about social issues, human rights, and religion. We need to keep free ideas on the Net for people under 18." Haselton's organization is also a plaintiff in a lawsuit being argued today in New York, the American Library Association vs. Governor George Pataki. The case was filed to strike down a state law similar to the Communications Decency Act that prohibits making indecent material available to minors over the Net. ------------------------------ Date: Thu, 24 Apr 1997 15:18:50 -0500 (CDT) From: Bennett Haselton Subject: File 4--Demand letter - Milburn v. Hasselton?? Source - fight-censorship@vorlon.mit.edu, peacefire-talk@vorlon.mit.edu [I like the part about us linking to his web site. -Bennett] >Return-path-- >Date--Thu, 24 Apr 1997 09:59:10 -0700 >From--Brian Milburn >Subject--Demand letter >X-Sender--Brian Milburn >To--bennett@peacefire.org >Organization--Solid Oak Software, Inc. > >The following is a copy of a certified letter mailed to you on April 24, 1997. > >------------------------------ > >Bennett Haselton >Vanderbuilt University >Box 1161, Station B >Nashville, TN 37235 > >Re: www.peacefire.org > > >Dear Mr. Haselton: > >Please let this letter serve as notice of the following: > >1. You have posted a program on your web site called "CYBERsitter filter file >codebreaker". This program illegally modifies and decodes data and source code >protected by U.S. and International intellectual property laws. > >This program performs this action without permission of the copyright owner. We demand >that this program be removed immediately. > >2. You have placed links on your web site to various locations on servers owned and >operated by Solid Oak Software, Inc., a private corporation. These include, but are >not limited to, HTTP links, FTP links, and e-mail links and private e-mail addresses. > >You have done this without permission of Solid Oak Software, Inc. Further use of >these links to our private facilities will be viewed as trespassing and intentional >harassment. We demand that these links be removed immediately. > >Your failure to comply with these demands immediately upon receipt of this letter will >be met with appropriate action. > > >Sincerely, >Brian Milburn, President >Solid Oak Software, Inc. > > > >____________________________________________ > >Brian Milburn >Solid Oak Software,Inc. - Santa Barbara, CA >bmilburn@solidoak.com - CIS: 74774,551 >http://www.solidoak.com - CIS: "GO SOLIDOAK" > > > --------------------------------------------------------- bennett@peacefire.org (615) 421 6408 http://www.peacefire.org ------------------------------ Date: Fri, 25 Apr 97 22:09:30 -0700 From: Gordon Meyer Subject: File 5--Fwd: More news about DES... ---------------- Begin Forwarded Message ---------------- Date-- 04/25 5:52 PM From-- Justin Dolske, dolske@cis.ohio-state.edu Thanks for your DESCHALL mention in CUD 9.31... Here's a further development in the DESCHALL DES cracking effort... We're actually testing over 1 billion keys per seconds right now, and are close to hitting 2% done! Justin Dolske (dolske@cis.ohio-state.edu) Graduate Fellow / Research Associate at The Ohio State University, CIS Dept. INTERNET LINKED COMPUTERS CHALLENGE DATA ENCRYPTION STANDARD LOVELAND, COLORADO (April 17, 1997). Thousands of computers, all across the U.S. and Canada, are linking together via the Internet in an unprecedented attempt to "crack" the Data Encryption Standard, DES. The so-called DESCHALL effort is responding to a challenge, including a prize of $10,000, being offered by RSA Data Security to the individual or group which is first to decode RSA's secret message. According to Rocke Verser, a contract programmer and consultant, who developed the specialized software in his spare time, "There are over 2500 computers now working cooperatively on the challenge." Using a technique called "brute-force", computers participating in the challenge are simply trying every possible key. "There are over 72 quadrillion keys. A number", Verser quips, "about 15,000 times larger than the deficit." But the DESCHALL group is racing through the keys at an incredible pace. The group is now trying over 50 trillion keys per day -- or more than 600 million keys per second. Perhaps even more impressive, the number of computers participating, and the rate at which they are trying keys has been doubling every 8 to 11 days for the past 2 months. If the number of participants continues to double every 10 days, it should take about 2 months to find the key. If no other participants joined the effort, it should take about 2 years to find the key. Word of this cooperative effort has spread primarily by word of mouth, and the Internet equivalents -- IRC, Newsgroups, and Mailing Lists. Noone knows where the growth of this type of cooperative computing effort will peak. "Members of the DESCHALL team will be in a festive mood, Friday", Verser predicts. "About suppertime" on Friday, DESCHALL computers will have tested 1% of the total set of 72 quadrillion keys. Anyone with a computer and an Internet connection can participate. The software is available free of charge, and a portion of the prize money will be awarded to the computer user that finds the correct key. Information about the DESCHALL effort, including how to join, is available from the official DESCHALL Web site at: MEDIA CONTACTS: Matt Curtin, (908) 431-5300 x 295, ALTERNATE: Rocke Verser, (970) 663-5629, - 30 - INTERNET LINKED COMPUTERS CHALLENGE DATA ENCRYPTION STANDARD Background / Sidebar, for Release dated April 17, 1997 The Data Encryption Standard, DES, is a national standard, adopted in 1977. Use of DES is mandatory in most Federal agencies, except the military. DES is very widely used in the private sector, as well. Interbank wire transfers, Visa transactions, your medical and financial records, and your employer's financial data are some of the many things secured against prying eyes or against modification by DES. When the Data Encryption Standard was adopted in 1977, there was some question as to whether or not the Standard was adequate to protect confidential data. Matt Curtin, Chief Scientist for Megasoft, Inc. says, "This is proving by example, not by mathematical calculation, that DES can be broken with little or no cost." Curtin added, "Others could just as easily be attempting to gain access to multibillion dollar wire transfers." MEDIA CONTACTS: Matt Curtin, (908) 431-5300 x 295, ALTERNATE: Rocke Verser, (970) 663-5629, ------------------------------ Date: Wed, 23 Apr 1997 22:46:58 -0400 (EDT) From: Thomas Grant Edwards Subject: File 6--NSF out of DNS, what comes next? Source - fight-censorship@vorlon.mit.edu C-NET is reporting that the National Science Foundation is getting out of the domain name business as early as March 1998 if not sooner, and will not renew the InterNIC agreement with Network Solutions. NSF acting deputy director Joseph Bordogna is quoted as saying "The long-term issues raised by [an internal report made public today] may indeed require additional government oversight. We are referring the OIG report to appropriate policy-makers in the Administration for consideration." This kind of rhetoric makes me think that the Administration is going to try to rush in like a white knight and try to solve our "problem" in a way which will no doubt lead to government censorship of domain names. While Network Solutions has had a government-granted monopoly on domain names, at least it was a level removed from the government itself. I fear we will begin now to see trial balloons floated for direct government intervention in DNS issues. I can imagine Congresscritters arguing, "We need the Internet for our children...butthole.com, sex.com, christ.com, penis.org, vagina.com, anal.org, and the like just will not do!" Someone please tell me I'm worrying too much! ------------------------------ Date: Thu, 24 Apr 1997 07:57:26 -0500 (CDT) From: David Smith Subject: File 7--Texas CyberWar - Tx Telecom Jrnl (fwd) ---------- Forwarded message ---------- Date--Thu, 24 Apr 1997 05:15:57 -0500 (CDT) From--Gene Crick TTJ is a digest of news/analysis for telecommunications professionals Re-posting is allowed where appropriate, if full attribution included All Copyrights (1995-97) retained by Texas Telecommunications Journal =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= Texas Telecommunications Journal volume 2, number 14 Secession and Cyberspace: The First Internet War GENERAL MORALES VS. THE REPUBLIC OF TEXAS Recently the eyes of Texans have been turning to the Internet, observing the continuing conflict between Texas Attorney General Dan Morales and the "Republic of Texas" political group, a secessionist organization which challenges current state and federal government authority and has been filing allegedly "bogus" liens against Texas property deeds. In civil actions arising from these liens, the Texas AG served subpoenas on ten Texas ISPs, demanding the ISPs turn over all sorts of records relating to several subscribers, most of whom are linked by the AG to the Republic of Texas group. The demand could include printout of all those customers' system e-mail, website content, service applications, account IDs, passwords, plus payment and other business records. Eight of these ISPs, acting on legal counsel, reportedly delivered records to the AG. Two others, Internet Texoma and Overland Network, were less cooperative. Expressing concerns about subscriber privacy and possible violation of the federal Electronic Communications Privacy Act of 1986 (ECPA), they joined forces with the Texas ISP Association (TISPA) to oppose the broad scope of information sought by Attorney General Morales. The ISPs maintain they are placed in an impossible position by the AG's subpoenae. Though they are willing to comply with any lawful court orders received, they claim compliance as requested by the AG would force them to violate their perceived responsiblities to their customers and also violate explicit privacy requirements of state and federal law. One concern cited by the ISPs is this delivery would make all the email information public. Since many subscribers requested were not party to any lawsuits, this raises significant issues for Internet privacy. So whatever the outcome of these actions, Internet precedent will be set. Another complaint from TISPA/ISP attorney Scott McCollough is that the AG's subpoenae were not from a judge, merely from a court reporter. Unlike true judicial orders these demands, if denied, do not necessarily subject the non-complying ISPs to penalties for contempt of court. THE WORLD IS WATCHING TEXAS... AGAIN The investigative precedents sought by Attorney General Morales raised hackles outside the state. In a letter to Wired News, Wayne Shirley, Chairman of the New Mexico Public Utility Commission said, "I find the actions by the Attorney General of Texas to be beyond any reasonable limit which even an overly zealous rookie prosecutor would argue." Chairman Shirley (whose brother-in-law is COO of Internet Texoma) further maintains that "the actions of the Attorney General of Texas in this matter undermine the bedrock foundation of our free society." SO WHAT'S GONNA HAPPEN? The position of TISPA and the two ISPs is that any customer specific content or information is private and confidential and thus cannot be revealed under casual summons. They contend these customer data are protected by laws and safeguards which require more than the AG's current subpoenae to breach. Faced with this opposition, the Attorney General apparently intends to curtail his Internet subscriber information requests significantly, and is expected to drop demands for user email logs and message contents. He seems more intent on pursuing action against the dissident "Republic" than on starting a conflict with people on the Internet. KEVLAR AND KEYBOARDS In a bizarre late development the Republic of Texas has just posted a formal "Declaration of War" to their website at Overland Network. (TTJ just reports `em, folks; we don't try to explain this kind of politics.) Once again, the ISPs involved are placed in an uncomfortable position - debate is certain over whether this secessionist act is protected free political speech or criminal treason against the lawful government. But whatever legal view prevails, to the best of our knowledge this marks the first time that the Internet has been used to declare a war. * * * * * * Final Note: it's tempting to be flip about such strange happenings. But recent events remind that real people can sustain real harm in political conflicts. Let's hope this whole episode remains nothing more than a slightly off-center milestone as rights are defined in Cyberspace. Republic of Texas web sites: . * * * * * * * * * * * 22 April, 1997 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= TTJ editor Gene Crick is also president of the Texas ISP Association. Note: TTJ is a journal of information, opinion and telecom advocacy. We cannot guarantee accuracy of these early, informal reports; please check with official sources to confirm critical results. Subscribers may request details or forward specific questions. Subscription info: Gene Crick gcrick@main.org 512/303-1021 fx 321-3163 ------------------------------ Date: Thu, 15 Dec 1996 22:51:01 CST From: CuD Moderators Subject: File 8--Cu Digest Header Info (unchanged since 13 Dec, 1996) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send post with this in the "Subject:: line: SUBSCRIBE CU-DIGEST Send the message to: cu-digest-request@weber.ucsd.edu DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS. The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. To UNSUB, send a one-line message: UNSUB CU-DIGEST Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU (NOTE: The address you unsub must correspond to your From: line) Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (860)-585-9638. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. In ITALY: ZERO! BBS: +39-11-6507540 In LUXEMBOURG: ComNet BBS: +352-466893 UNITED STATES: ftp.etext.org (206.252.8.100) in /pub/CuD/CuD Web-accessible from: http://www.etext.org/CuD/CuD/ ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) The most recent issues of CuD can be obtained from the Cu Digest WWW site at: URL: http://www.soci.niu.edu/~cudigest/ COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #9.33 ************************************