Chaos Digest          Monday 10 May 1993          Volume 1 : Number 23

       ISSN 1244-4901

       Editor: Jean-Bernard Condat (jbcondat@attmail.com)
       Archivist: Yves-Marie Crabbe
       Co-Editors: Arnaud Bigare, Stephane Briere

TABLE OF CONTENTS, #1.23 (10 May 1993)
File 1--_Chaos Corner_ versus _Chaos Digest_ (brand image[s])
File 2--Receiving hacker mail is becoming dangerous (mail)
File 3--The Legion of Doom: the return (news)
File 4--TAMU Security Tools Package (new product)
File 5--After the _Galactic Hacker Party_ of 1989... (summer congress)
File 6--"Computer Viruses ..." by Haynes/McAfee (review)

Chaos Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost by sending a message to:
                linux-activists-request@niksula.hut.fi
with a mail header or first line containing the following information:
                    X-Mn-Admin: join CHAOS_DIGEST

The editors may be contacted by voice (+33 1 47874083), fax (+33 1 47877070)
or S-mail at: Jean-Bernard Condat, Chaos Computer Club France [CCCF], B.P.
155, 93404 St-Ouen Cedex, France. He is a member of the EICAR and EFF
(#1299) groups.

Issues of ChaosD can also be found on some French BBS. Back issues of
ChaosD can be found on the Internet as part of the Computer underground
Digest archives. They're accessible using anonymous FTP from:

        * kragar.eff.org [192.88.144.4] in /pub/cud/chaos
        * uglymouse.css.itd.umich.edu [141.211.182.91] in /pub/CuD/chaos
        * halcyon.com [192.135.191.2] in /pub/mirror/cud/chaos
        * ftp.cic.net [192.131.22.2] in /e-serials/alphabetic/c/chaos-digest
        * ftp.ee.mu.oz.au [128.250.77.2] in /pub/text/CuD/chaos
        * nic.funet.fi [128.214.6.100] in /pub/doc/cud/chaos
        * orchid.csv.warwick.ac.uk [137.205.192.5] in /pub/cud/chaos

CHAOS DIGEST is an open forum dedicated to sharing French information among
computerists and to the presentation and debate of diverse views. ChaosD
material may be reprinted for non-profit as long as the source is cited.
Some authors do copyright their material, and they should be contacted for
reprint permission. Readers are encouraged to submit reasoned articles in
French, English or German languages relating to computer culture and
telecommunications. Articles are preferred to short responses. Please
avoid quoting previous posts unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Chaos Digest contributors
            assume all responsibility for ensuring that articles
            submitted do not violate copyright protections.

----------------------------------------------------------------------

Date: Tue Apr 27 17:15:41 -0500 1993
From: rdc@pelican.cit.cornell.edu (Bob Cowles)
Subject: File 1--_Chaos Corner_ versus _Chaos Digest_ (brand image[s])

There seems to exist a possible confusion between the name of your digest
and an electronic journal that I have been publishing for several years
(since June, 1991). I'm not sure what the best resolution is at this
point (it's not like either of us is going to lose any money); but we
should certainly be aware of each other's journal.

I assume that you chose your name based on the Chaos Club ... and I chose
my name (of Chaos Corner) based on the Chaos Manor column in Byte Magazine
(also on the condition of my office). I hope that we can cooperate and
keep any confusion to a minimum.

The following file is what I send out in response to requests for
information or new subscriptions:

+++++

What you have here is a combination of Dr. Science (from National Public
Radio), Chaos Manor (from Byte), and Rumor Central (from PC Week). Chaos
Corner is a small, randomly published electronic newsletter I write that
mentions things I have found in the process of wandering across the
network. Back copies are available, and a copy of Volume 1 and 2 (with an
*index*) is available in PostScript form (via ftp) or bound hardcopy with
nice covers.

Volume 1 (10 issues) or volume 2 (11 issues) can be obtained as a file with
an index at the back. ftp to pelican.cit.cornell.edu and look in /pub for
the files ccv01.text (the ascii version) and ccv01.ps (the PostScript
version). For volume 2, look for ccv02.ps or ccv02.text.

Single issues can be obtained from the same place and are of the form
ccv0Xn0Y.txt where X is the volume number (1 for 1991, 2 for 1992, and 3
for 1993).

Subscriptions may be obtained by sending mail to:
                chaos-request@pelican.cit.cornell.edu

The lead-in and trailer to Dr. Science always says "I have a masters
degree, in science..."

+++++

Sincerely,

Bob Cowles (bob.cowles@cornell.edu)
Assistant Director for Technologies
(alias dr.chaos... I have a Master's degree)
Cornell Information Technologies
Ithaca, NY USA

------------------------------

Date: Wed Apr 28 15:33:36 EDT 1993
From: T01CAL%ETSU.BITNET@uga.cc.uga.edu (calvin)
Subject: File 2--Receiving hacker mail is becoming dangerous (mail)
Organization: East Tennessee State University

sir:

a mutual friend of ours requested that i write to you and tell you about
recent events at etsu. ed street has been expelled from this university
due to a virus attack. it is possible that one of ed's viral experiments
got away from him and infected several labs on campus. the labs were
infected with the DIR_II virus and because of ed's research suspicion
fell upon him. one of the effects of the investigation was that ed's cms
account was searched and his correspondence was confiscated. as part of
the investigation any individuals that ed was in contact with are also
under "investigation" and are possibly involved in an "international
conspiracy" to penetrate etsu's security. pretty scary stuff, huh?

-c

[ChaosD: This message reached us in this form, with no further
explanation. Our correspondent "Ed Street" is one of the best-known
contributors to "Virus-L Digest". Here are the two messages he had sent
us before his account was closed!]

Date: Fri Nov 13 12:57:54 EST 1992
From: TAWED%ETSU.bitnet@CUNYVM.CUNY.EDU (ed street)
Subject: in response, and a question...

greetings!

first off my opinion is that every programmer should have access to
information pertaining to viruses. The mass of the public is under the
impression that viruses are harmful, but little do they know that their
main goal is to survive and to replicate. (it started out from a game...)
but I think I don't need to go into much detail here (you probably know
more than I do on this subject)

I think that re-printing the black book would be a great help to those who
(like me) would love to obtain a source of information on viruses so as to
experiment... and am in disbelief that the french government is trying to
crack down on such matters...

Also I was curious as to why this question was asked of me, I am very glad
that it was because i've been looking for the club (wanting to possibly
join) and haven't had much luck (more appropriately not enough time). I
was firstly wondering what is the purpose of the club (from the few things
I have heard it's partially for research and program writings...) and as
to how I might be able to join...

thanks;
"hacker"
tawed@etsu.bitnet

+++++

Date: Sun Dec 6 19:56:46 EST 1992
From: TAWED%ETSU.bitnet@CUNYVM.CUNY.EDU (me!!!!)
Subject: christma exec a sent...

he he he *laugh* this is funny..

I was reading 'Computer Viruses A High-tech Disease' written by Ralf
Burger in 1988. In it is the source code listing for the christma exec a
chain-mail bug. hmmmm, I thought A good way to sink my teeth into REXX.
Well I copied it into my account and took the original and commented all
of it out, as well as changed a few lines. Before this I made a copy. I
took the copy and put comments all through it so that I could monitor what
was happening in the program. And It started sending copies to all those
people in my Names File!!!!!!!!!
I started laughing and then later I chased them all down and found out
that only 8 were sent out. As of now I have 6 files deleted from those
that did get sent out. (what was sent out was the modified version that I
disarmed and changed around, in case something like this would happen.)
:-) anyway one copy did make its way to a programmer at this University so
I don't know about that copy yet. I sent him mail and told him to erase
it. *laugh* it was funny to watch it execute.

(P.s. you can use this in the digest if you want, along with making
changes as needed.)

.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=
#INCLUDE
#DEFINE HACKER "ED STREET"
VOID MAIN(VOID)
{
PRINTF("SOMEDAY I WILL GET A *REAL* MESSAGE LINE!!\N");
}

------------------------------

Date: Wed, 5 May 1993 21:15:00 GMT
From: tdc@zooid.guild.org (TDC)
Subject: File 3--The Legion of Doom: the return (news)
Organization: The Zoo of Ids
Repost from: telecom13.305.1@eecs.nwu.edu

Release Date: 4 May 16:07 EDT

READ AND DISTRIBUTE EVERYWHERE - READ AND DISTRIBUTE EVERYWHERE
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

                     Important Announcement

                            The LOD
                        Legion of Doom
                           Is Back!

No that has not been a mis-print ... the LOD has returned! The world's
greatest hacking group has formally been reinstated to bring back dignity
and respect to a scene that has rapidly deteriorated since its departure.

Unlike many of these other "Groups" that go around with upper/lower case
names, that trade in PBX's, VMB's etc. and wouldn't know COSMOS if it hit
them over the head. The LOD, at least to me, embodies the pinnacle of
understanding that comes from relentless exploration of the "system"
backwards and forwards. It is an organization dedicated to understanding
the world's computer and telephone networks. Enabling everyone to progress
forward in technology.
The accumulated product of this -- the Technical Journals, full of
information unavailable anywhere except from telco manuals represents
something too valuable to lose.

It is a true tragedy that after the great witch hunt that was Operation
Sun Devil that the former LOD died. If the powers that be, think they can
shut down real hackers by undertaking unprovoked, unneeded not to mention
unconstitutional draconian acts they are mistaken. We will not be kept
down! We are a segment of society that enjoys what others label difficult
and technical. Exploration into the uncharted reaches of technology is our
calling. Information, learning and understanding is what we are made of.
As the technology revolution impacts us all, it is the hackers and not the
medieval statutes of the land that will lead us forward.

This will be the primary purpose of the new, revived LOD -- the assembly
and release of a Technical Journal. The previous four issues, now several
years old BADLY need updating.

The Journal will rely heavily on reader submitted articles and
information, so anything you wish to contribute would be GREATLY
appreciated. Acceptable submissions would include ORIGINAL
"how-to-guides" on various systems, security discussions, technical
specifications and documentation. Computer and telephone related subjects
are not the only things acceptable. If you remember, the former journals
had articles concerning interrogation and physical security among others.

The next LOD Technical Journal will comprise almost entirely of freelance
or reader submitted articles. So without YOUR contributions it can not
proceed!

If you wish to hold the wonderful honour of being an LOD Member (won't
this look good on your resume), you may apply by contacting us. The
qualifications should need no elaboration. Any of the previous members
that wish reactivation (doubtful) need only request it.

In addition to needing articles for the upcoming Journals, some sites on
the net to aid in distribution would also be welcomed. Send all offers and
articles to the following email account:

                        tdc@zooid.guild.org

Closing date for article submissions to the LOD Technical Journal Number 5
is: Monday 14 June, 1993. Release date: Friday 18 June, 1993.

Since we have no monetary or contractual obligation to anyone, these dates
are of course tentative. But since or at least initially we will rely
almost entirely on reader submissions a date is needed to get potential
writers into gear.

In order that this gain exposure to as much publicity as possible please
post it on any networks that you may have access to.

Note that the LOD does not engage or condone illegal or criminal
activities. This would cover, but is not limited to, theft of long
distance services, credit fraud or data destruction/alteration.

Lord Havoc

[ChaosD: The e-mail address given in this article is not directly
connected to the Internet. Preferably send your mail to:
gaea@zooid.guild.org, for the attention of LOD.]

------------------------------

Date: Tue May 4 14:36:11 CDT 1993
From: Dave.Safford@sc.tamu.edu (Dave Safford)
Subject: File 4--TAMU Security Tools Package (new product)

                Texas A&M Network Security Package Overview
                       BETA Release 1.0 -- 4/16/93

                              Dave Safford
                              Doug Schales
                               Dave Hess

DESCRIPTION:

Last August, Texas A&M University UNIX computers came under extensive
attack from a coordinated group of internet crackers. This package of
security tools represents the results of over seven months of development
and testing of the software we have been using to protect our estimated
twelve thousand internet connected devices. This package includes three
coordinated sets of tools: "drawbridge", an exceptionally powerful
bridging filter package; "tiger", a set of convenient yet thorough machine
checking programs; and "netlog", a set of intrusion detection network
monitoring programs.
While these programs have undergone extensive testing and modification in
use here, we consider this to be a beta test release, as they have not had
external review, and the documentation is still very preliminary.

KEY FEATURES:

For full technical details on the products, see their individual README's,
but here are some highlights to whet your appetite:

DRAWBRIDGE:
    - inexpensive (pc with SMC/WD 8013 cards);
    - high level filter language and compiler;
    - powerful filtering parameters;
    - DES authenticated remote filter management;
    - O(1) table lookup processing for full ethernet
      bandwidth processing, even with dense class B net
      filter specifications.

TIGER:
    - checks key binaries against cryptographic
      checksums from original distribution files;
    - checks for critical security patches;
    - checks for known intrusion signatures;
    - checks all critical configuration files;
    - will run on most UNIX systems, and has tailored
      components for SunOS, Next, SVR4, Unicos.

NETLOG:
    - efficiently logs all tcp/udp establishment attempts;
    - powerful query tool for analyzing connection logs;
    - "intelligent" intrusion detection program.

AVAILABILITY:

This package is available via anonymous ftp in:

                sc.tamu.edu:pub/security/TAMU

At this location there is also a script "check_TAMU" that can perform
cryptographic checksums on the distribution files, in case you obtained
them from other archive sites.

Note that there are some distribution limitations, such as the inability
to export (outside the US) the DES libraries used in drawbridge; see the
respective tool readme's for details of any restrictions.

CONTACT:

Comments and questions are most welcome. Please address them to:

                drawbridge@sc.tamu.edu

------------------------------

Date: Wed, 28 Apr 1993 04:12:57 -0700
From: emmanuel@WELL.SF.CA.US (Emmanuel Goldstein)
Subject: File 5--After the _Galactic Hacker Party_ of 1989... (summer congress)
Repost from: CuD #5.32.1

Hack-Tic presents:

-------------------------------------------------------------------
H A C K I N G   A T   T H E   E N D   O F   T H E   U N I V E R S E
-------------------------------------------------------------------

                  An 'in-tents' summer congress

H U H?
+-------

Remember the Galactic Hacker Party back in 1989? Ever wondered what
happened to the people behind it? We sold out to big business, you think.
Think again, we're back!

That's right. On August 4th, 5th and 6th 1993, we're organising a
three-day summer congress for hackers, phone phreaks, programmers,
computer haters, data travellers, electro-wizards, networkers, hardware
freaks, techno-anarchists, communications junkies, cyberpunks, system
managers, stupid users, paranoid androids, Unix gurus, whizz kids, warez
dudes, law enforcement officers (appropriate undercover dress required),
guerilla heating engineers and other assorted bald, long-haired and/or
unshaven scum. And all this in the middle of nowhere (well, the middle of
Holland, actually, but that's the same thing) at the Larserbos campground
four metres below sea level.

The three days will be filled with lectures, discussions and workshops on
hacking, phreaking, people's networks, Unix security risks, virtual
reality, semafun, social engineering, magstrips, lockpicking, viruses,
paranoia, legal sanctions against hacking in Holland and elsewhere and
much, much more. English will be the lingua franca for this event,
although some workshops may take place in Dutch. There will be an Internet
connection, an intertent ethernet and social interaction (both electronic
and live). Included in the price are four nights in your own tent. Also
included are inspiration, transpiration, a shortage of showers (but a lake
to swim in), good weather (guaranteed by god), campfires and plenty of
wide open space and fresh air. All of this for only 100 dutch guilders
(currently around US$70).

We will also arrange for the availability of food, drink and smokes of
assorted types, but this is not included in the price. Our bar will be
open 24 hours a day, as well as a guarded depository for valuables (like
laptops, cameras etc.). You may even get your stuff back! For people with
no tent or air mattress: you can buy a tent through us for 100 guilders, a
mattress costs 10 guilders. You can arrive from 17:00 (that's five p.m.
for analogue types) on August 3rd. We don't have to vacate the premises
until 12:00 noon on Saturday, August 7 so you can even try to sleep
through the devastating Party at the End of Time (PET) on the closing
night (live music provided). We will arrange for shuttle buses to and from
train stations in the vicinity.

H O W ?
+-------

Payment: In advance only. Even poor techno-freaks like us would like to
get to the Bahamas at least once, and if enough cash comes in we may just
decide to go. So pay today, or tomorrow, or yesterday, or in any case
before Friday, June 25th 1993. Since the banks still haven't figured out
why the Any key doesn't work for private international money transfers,
you should call, fax or e-mail us for the best way to launder your
currency into our account. We accept American Express, even if they do not
accept us. But we are more understanding than they are. Foreign cheques go
directly into the toilet paper recycling bin for the summer camp, which is
about all they're good for here.

H A !
+-----

Very Important: Bring many guitars and laptops.

M E ?
+-----

Yes, you! Busloads of alternative techno-freaks from all over the planet
will descend on this event. You wouldn't want to miss that, now, would
you?

Maybe you are part of that select group that has something special to
offer! Participating in 'Hacking at the End of the Universe' is exciting,
but organising your very own part of it is even more fun. We already have
a load of interesting workshops and lectures scheduled, but we're always
on the lookout for more.
We're also still in the market for people who want to help us organize
this during the congress.

In whatever way you wish to participate, call, write, e-mail or fax us
soon, and make sure your money gets here on time. Space is limited.

S O :
+-----

> 4th, 5th and 6th of August
> Hacking at the End of the Universe (a hacker summer congress)
> ANWB groepsterrein Larserbos (Flevopolder, Netherlands)
> Cost: fl. 100,- (+/- 70 US$) per person
  (including 4 nights in your own tent)

M O R E   I N F O :
+-------------------

Hack-Tic
Postbus 22953
1100 DL Amsterdam
The Netherlands

tel    : +31 20 6001480
fax    : +31 20 6900968
E-mail : heu@hacktic.nl

V I R U S :
+-----------

If you know a forum or network that you feel this message belongs on, by
all means slip it in. Echo-areas, your favorite bbs, /etc/motd, IRC,
WP.BAT, you name it. Spread the worm, uh, word.

------------------------------

Date: Mon May 3 00:32:00 -0600 1993
From: roberts@decus.arc.ab.ca ("Rob Slade, DECrypt Editor, VARUG NLC rep )
Subject: File 6--"Computer Viruses ..." by Haynes/McAfee (review)
Copyright: Robert M. Slade, 1993

St. Martin's Press
175 Fifth Ave.
New York, NY 10010
USA

Computer Viruses, Worms, Data Diddlers, Killer Programs and Other Threats
to Your System: what they are, how they work and how to defend your PC,
Mac or mainframe, John McAfee and Colin Hayes, 1989, 0-312-02889-X

If you buy only one book to learn about computer viral programs -- this is
*not* the one to get. As a part of a library of other materials it may
raise some interesting questions, but it is too full of errors to serve as
a "single source" reference.

I began to have my doubts about the validity of this book in the foreword,
written by no less a virus researcher than John C. Dvorak. He states that
what we need, in order to stem the virus problem, is a "... Lotus 1-2-3 of
virus code.
Something that is so skillfully [sic] designed and marvelously [sic]
elegant that all other virus programs will be subject to ridicule and
scorn." Aside from a rather naive view of human nature, this was obviously
written before his more recent PC Magazine editorial in which he states
that virus writers are the most skilful programmers we have.

The prologue seems to be a paean of praise to one John McAfee, frequently
identified as Chairman of the Computer Virus Industry Association. He is
also identified as head of Interpath Corporation. Intriguingly, there is
no mention of McAfee Associates or the VIRUSCAN/SCAN suite of programs.
Given that the "chronology" of computer viral programs ends after 1988,
the present company may not have been a formal entity at the time.

The first six chapters give the impression of being a loose and somewhat
disorganized collection of newspaper articles decrying "hackers". Some
stories, such as that of the Morris/Internet Worm, are replayed over and
over again in an unnecessary and redundant manner, repetitively rehashing
the same topic without bringing any new information forward. (Those having
trouble with the preceding sentence will have some idea of the style of
the book.)

Chapters seven to thirteen begin to show a bit more structure. The
definition of terms, some examples, recovery, prevention, reviewing
antivirals and the future are covered. There are also appendices; the
aforementioned chronology, some statistics, a glossary, and interestingly,
a piece on how to write antiviral software.

Given what is covered in the book, am I being too hard on it in terms of
accuracy? Well, let's let the book itself speak at this point. The errors
in the book seem to fall into four main types. The least important is
simple confusion. The Chaos Computer Club of Europe are stated to be "arch
virus spreaders" (p. 13). The Xerox Worm gets confused with the Core Wars
game (p. 25).
The PDP-11 "cookie" prank program is referred to as "Cookie Monster", and
is said to have been inspired by Sesame Street.

At another level, there is the "little knowledge is a dangerous thing"
inaccuracies. These might be the understandable result of a journalist
trying to "flesh out" limited information. The Internet Worm is said to
have used a "trapdoor", an interesting description of the sendmail "debug"
feature (p. 12). "Trapdoor" is obviously an all-encompassing term. The
"Joshua" program in the movie "Wargames" is also so described on page 78.
Conway's "Game of LIFE" is defined as a virus, obviously confusing the
self-reproducing nature of "artificial life" and not understanding the
boundaries of the programming involved, nor the conceptual nature of
Conway's proposal (p. 25). Mac users will be interested to learn that
"through much of 1988" they were spreading the MacMag virus, even though
it was identified so early that few, if any, ever reached the "target
date" of March 2, 1988, and that none would have survived thereafter
(p. 30).

Some of the information is simply wild speculation, such as the contention
that terrorists could use microcomputers to spread viral software to
mainframes (p. 12). Did you know that because of the Jerusalem virus, some
computer users now think it wiser to switch the computer off and go
fishing on Friday the 13th (p. 30)? Or that rival MS-DOS and Mac users use
viral programs to attack each other's systems (p. 43)? That the days of
public bulletin boards and shareware are numbered, and that by the early
1990's, only 7000 BBSes will remain, with greatly reduced activity
(p. 43)? Chapter thirteen purports to deal with the possible future
outcomes of viral programs, but should be recognizable to anyone as, at
best, pulp fiction.

Some of the information is just flat out wrong. Page 75, "... worms do not
contain instructions to replicate ..."
Or, on page 95, a diagram of the operations of the BRAIN virus, showing it
infecting the hard disk.

We won't delve too deeply into the statements about the CVIA and Interpath
Corporation. It is interesting to note, though, that of the antiviral
software "reviewed", only one product still remains in anything like the
same form. Flu-Shot, at the time the most widely used antiviral software,
is *not* reviewed (although it is mentioned later in the book--in a very
negative sense).

In a sense I am being too hard on the book. It does contain nuggets of
good information, and even some interesting speculation. However, the
sheer weight of "dross" makes it extremely difficult to recommend it. If
you are not familiar with the real situation with regard to viral
programs, this book can give you a lot of unhelpful, and potentially even
harmful, information. If you are familiar with the reality, why bother
with it?

+++++++

Vancouver      ROBERTS@decus.ca     | "Don't buy a
Institute for  Robert_Slade@sfu.ca  |     computer."
Research into  rslade@cue.bc.ca     | Jeff Richards'
User           p1@CyberStore.ca     | First Law of
Security       Canada V7K 2G6       | Data Security

------------------------------

End of Chaos Digest #1.23
************************************