Computer underground Digest Sun Dec 15, 1996 Volume 8 : Issue 88 ISSN 1004-042X Editor: Jim Thomas (cudigest@sun.soci.niu.edu) News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu) Archivist: Brendan Kehoe Shadow Master: Stanton McCandlish Field Agent Extraordinaire: David Smith Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Cu Digest Homepage: http://www.soci.niu.edu/~cudigest CONTENTS, #8.86 (Sun, Dec 15, 1996) File 1--SPA settles so-caled "anti-piracy" lawsuit with Tripod File 2--(Fwd) New SPA imperatives File 3-- An Open Letter to the SPA File 4--Hackers access Singapore Govt. WWW site (fwd) File 5--Re: Hackers access Singapore Govt. WWW site File 6--Jenott: Prosecutor attempts suicide, more secrecy File 7--BoS: Serious BIND resolver problem (fwd) File 8--Modems, PPP, who is doing what? (fwd) File 9--Cu Digest Header Info (unchanged since 13 Dec, 1996) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION ApPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. --------------------------------------------------------------------- Date: Sat, 16 Nov 1996 07:48:28 -0800 (PST) From: Declan McCullagh To: fight-censorship@vorlon.mit.edu Subject: File 1--SPA settles so-caled "anti-piracy" lawsuit with Tripod ---------- Forwarded message ---------- For Immediate Release Contact: David Phelps, (202) 452-1600, ext. 320, or dphelps@spa.org Kara Berklich, (413) 458-2265, or kara@tripod.com SPA Announces Settlement With Tripod, Inc. On Internet Anti-Piracy Lawsuit (Washington, D.C. -- Nov. 15, 1996) -- The Software Publishers Association (SPA) and Tripod, Inc. of Williamstown, Massachusetts have reached a satisfactory settlement of the lawsuit filed against Tripod for software copyright infringement. The lawsuit was filed on behalf of three of SPA's member companies: Adobe, Inc., Claris Software and Traveling Software, Inc. SPA initiated legal action against Tripod, an Internet Service Provider (ISP), in early October after receiving information that a number of the more than 50,000 individuals using Tripod's Homepage Builder -- part of the larger Tripod Web site -- were allegedly making available infringing material. After the lawsuit was filed, Tripod worked cooperatively with SPA to remove the infringing material and to create an addendum to its Membership Terms of Service outlining actions Tripod may take to protect itself against copyright infringement. "Though we regret that legal action was taken in this matter, given our past cooperation with SPA, we are glad to see this action satisfactorily resolved. The addendum to our Terms of Service really just formalizes Tripod's existing operations. Our Terms of Service now explicitly state that we do not tolerate on our members' home pages the presence of illegal software, serial numbers, and tools that have no other purpose than to crack software. If we become aware of the presence of such materials on our members' home pages, we will alert those members and ask them to remove that data," said Bo Peabody, Tripod's president. SPA and Tripod Reach Agreement 2-2-2 "SPA hasn't asked Tripod to do anything more than any ISP does -- or should be doing -- as part of its regular operating procedures. Tripod sets an excellent example for ISPs. They should advise their subscribers that infringing material will not be tolerated on their servers and will take action if it is found," said Sandra Sellers, SPA's vice president of intellectual property education and enforcement. "SPA urges all ISPs to adopt these measures as part of their normal operating procedures and to turn to SPA's educational materials on our Web site at www.spa.org," Sellers added. Tripod, Inc. provides the 116,000+ members of the Tripod Web site, recently ranked the 27th highest trafficked Web site in the world by PC-Meter, with an array of services including the free Homepage Builder. Both the Web site and Tripod's one million circulation print magazine Tools for Life provide young adults with the resources they need to make key life decisions in the areas of career, personal finance and lifestyle. The Tripod Web site can be found at http://www.tripod.com. SPA is the principal software industry trade association, representing the leading publishers as well as many start-up firms in the business, home office, consumer, education, Internet and entertainment markets. Its 1,200 member companies account for 85 percent of the U.S. packaged software industry. Information on SPA and its Internet use materials can be found on SPA's Web site at http://www.spa.org. ------------------------------ Date: Mon, 18 Nov 1996 23:42:00 +0000 From: David Smith Subject: File 2--(Fwd) New SPA imperatives Attached are the updated codes of conduct in the SPA Internet anti-piracy campaign. ------- Forwarded Message Follows ------- ISP Guidelines for Copyright Protection The below signed ISP voluntarily agrees to: 1.Commit to a policy making only legally authorized software available to subscribers, members and users. 2.Implement its policy by naming a compliance officer and using its best efforts to ensure - that the unauthorized reproduction and/or distribution of copyrighted computer programs does not occur on or through its servers, that information that appears to have been posted to be used to circumvent manufacturer-installed copy-protect devices in computer programs, including, but not limited to, serial numbers and cracker utilities (hereinafter "cracker material") will not be posted on its server(s), and that the linking of one or more sites on its server(s) to one or more other sites that contain pirated computer programs and/or cracker material does not take place unless such linking clearly appears to be intended for lawful purposes. 3.Remove pirated computer software and cracker materials or otherwise block access to it as soon as practicable after it is discovered. 4.Educate subscribers, members and other users of their legal obligation to respect copyright through, among other things, public service messages, warnings and hypertext links to appropriate educational web pages. 5.Terminate subscribers or members who, without reasonable justification, fail or refuse to abide by the policy of making only legally authorized software available on its server(s). 6.Not knowingly sponsor, endorse, or advertise access to infringing software. ------------------------------ Date: Sun, 24 Nov 1996 20:18:18 -0500 (EST) From: jw@bway.net Subject: File 3-- An Open Letter to the SPA An Open Letter to the SPA (To Ken Wasch, Software Publishers Association founder and president) Dear Ken: You probably don't remember me, but we spoke circa 1985 or '86. I was practicing law then, specializing in computer law, and I was representing a software publisher whose software was being ripped off on bulletin boards across America. I may have been the first attorney in the United States to sue a bulletin board sysop for software piracy, and I called to bring you up to speed on the case. You sent some money towards my legal fees. Later on, you jumped into the business of suing software pirates yourself in a major way. I sued four or five bulletin boards before I got out of it, and won consent injunctions and financial settlements in every case. The difference between what I was doing back then, and what you are doing now, is patently obvious. I was suing BBS's with names like "The Pirate's Lair", where the top screen bore messages like "Upload something juicy for admission to the inner sanctum." My client would gain admission and would ascertain that illegal copies of his programs were being stored on the board, with the sysop's knowledge. You are suing Internet service providers, and you are complaining that pages stored on their servers provide links to other Web pages which support piracy or discuss copying techniques. Its right there on your Web pages. In your "ISP Code of Conduct", you require that an ISP refrain from: "the linking of one or more sites on its server(s) to one or more other sites that contain pirated computer programs and/or cracker material.... unless such linking clearly appears to be intended for lawful purposes. " And, in another document called, "Why the Risk Exists--Theories of Copyright Infringement," you claim that "contributory infringment" under copyright law includes "linking to FTP sites where software may be unlawfully obtained; informing others of FTP sites where software may be unlawfully obtained." You've gone way overboard. You yourself are an attorney and you have been in the copyright enforcement business long enough to know that the speech you are describing cannot possibly be contributory infringement. A link is the online equivalent of a footnote. If I published a book tomorrow on software piracy and cited in a footnote a book on how to pirate software, would you sue me? If I published a manual on how to commit software piracy, in fact you could not sue me; the First Amendment protects not only the speech we approve of, but even some quite despicable speech; otherwise it wouldn't count for anything. Add to this the fact that the ISP itself is at one remove from the Web page containing a link. It is simply providing storage space for a page maintained by someone else, and it doesn't have the bandwidth to review all the Web pages contained on its equipment. It is no more appropriate for ISP's to screen all user pages than it would be for a bookstore to perform a legal review of the contents of all books which it carries or for the phone company to screen its customer's phone calls. By suing ISP's for contributory infringment, you are effectively exploiting the average federal judge's continuing ignorance about the Internet. If the judges before whom you filed these actions clearly recognized that there is no difference, for these purposes, between a Web page and a book or magazine, they would dismiss your complaint, and might very well entertain a request for Rule 11 sanctions for your unsupported interpretations of the contributory infringment laws. ISP's today are the weak link in the system of online freedom of expression. Strong freedom of speech protection for the Internet, harbingered by the decision in ACLU v. Reno, has little practical value if any private party opposed to the expression of an idea can effectively use the threat of litigation to bully an ISP into pulling the plug on a Web page. Most ISP's, especially small ones, simply do not have the financial resources or legal representation to defend a lawsuit, even a groundless one, and will therefore always err on the side of unplugging a user's web pages. The vulnerability of ISP's to tactics like yours leaves individual users, making noncommercial uses of the Web, extremely vulnerable. I understand that your motivation is to be assertive in defense of your members' interests. However, you also have a responsibility to respect the community of which you form a part. I find your aggressive pursuit of ISP's to be disrespectful of two overlapping communities: software users, many of whom maintain Web pages or at least use the Web, and the online community, of which you form a part by maintaining Web pages of your own. I am on the board of directors of two software companies, and would never consider having either of them join your organization for as long as you pursue your policy against ISP's. In addition, I will not purchase the software of any members of your organizations who lend their names to lawsuits which you bring against ISP's, and I would hope that others who read this letter--which I am posting on the Internet--will consider doing the same. Sincerely yours, Jonathan Wallace jw@bway.net http://www.spectacle.org ----------------------------------------------- Jonathan Wallace The Ethical Spectacle http://www.spectacle.org Co-author, Sex, Laws and Cyberspace http://www.spectacle.org/freespch/ "We must be the change we wish to see in the world."--Gandhi ------------------------------ Date: Mon, 9 Dec 1996 16:46:44 -0800 (PST) From: "Z.B." Subject: File 4--Hackers access Singapore Govt. WWW site (fwd) Source - Fight-Censorship List This showed up on the DEFCON list a little while ago. I thought it might be of some interest here. ---------- Forwarded message ---------- Date--Mon, 9 Dec 1996 15:46:41 -0800 (PST) To--DC-Stuff List Subject--Hackers access Singapore Govt. WWW site Muhahaha! Hackers Access Singapore Government's Website SINGAPORE - Computer hackers broke into the government's Internet website and posted a list of the user identities of more than 100 officials from various government bodies, the Straits Times newspaper reported today. The newspaper said Singapore's government directory was hacked into and the list of user IDs left on the government's home page for at least 12 hours. The website has links to the home pages of various government bodies, like the Singapore Broadcasting Authority, the Attorney-General's Chambers and other ministries. The list has now been removed from the website and its original contents restored. Hacking is an offense under Singapore's Computer Misuse Act, carrying a fine of Singapore $2,000 and a two-year jail sentence. Penalties are more severe for gaining unauthorized access to computer data with an intent to commit an offense such as fraud. ------------------------------ Date: Mon, 9 Dec 1996 21:10:43 -0800 (PST) From: Declan McCullagh Subject: File 5--Re: Hackers access Singapore Govt. WWW site Source - fight-censorship@vorlon.mit.edu A followup article was in today's Straits Times on page 2, saying the police were investigating this heinous crime. The Authorities were shocked, SHOCKED, I say, that anyone would commit such an act against the benevolent, munificient state. Perhaps the government needs to take out anti-hacking ads on the sides of buses -- one I saw this morning on the way downtown showed how taxpayer money is spent: on a full-color advert promoting "Singapore Family Values." Singapore Net-experts, meanwhile, have been telling me that it's not much of a hack. Rather, it's much more likely that the offenders (might they be caned?) took advantage of a cgi script loophole to execute a copy command moving /etc/passwd into index.html. Boring stuff, yet exquisitely timed. Singapore is putting its technological prowess on display this week for the WTO summit meeting here. There's nothing more amusing than an embarrassed repressive, censorhappy government. ------------------------------ Date: Sat, 14 Dec 1996 16:49:32 -0600 (CST) From: Crypt Newsletter Subject: File 6--Jenott: Prosecutor attempts suicide, more secrecy At the beginning of the week, the court martial of Eric Jenott took a strange turn when the military judge, Fred Arquilla, replaced the Army's lead prosecutor, Gordon Wells, because he had attempted to commit suicide. Wells tried to kill himself by slashing one of his wrists with a razor early Sunday morning and was immediately taken to an army medical center, according to the Fayetteville Observer. Moving swiftly, Arquilla appointed a new lead prosecutor, Tim Lucas, and postponed further action for a day and a half. On Monday, Jenott also pleaded not guilty to all charges leveled at him. Arquilla denied a defense motion to have Quihang Liu named an essential witness. Liu is a Chinese engineer and former friend of Jenott's who is said by the Army to have been a recipient of secret passwords supplied by the Ft. Bragg soldier. Liu has indicated he will not return to the United States for the trial. Arquilla also denied a request by Jenott's defense for a review copy of the information taken from 600 diskettes and two hard disks, formerly belonging to the Ft. Bragg soldier, and seized by the government. On Thursday, Army investigator James P. Samberg testified the Ft. Bragg hacker told him he was trying to "hurt the United States and help China" when he gave away a "secret" password. As the proceeding unfolded on Thursday, Samberg read from Jenott's personal diary, a diary seized at the Ft. Bragg barracks in June. From Jenott's diary -- dated sometime in 1991, according to Samberg: "I just wish America, my own country, would be put to shame. America is disgusting. I'm getting more and more impatient to go to China." Samberg also presented a poem, attributed to Jenott in 1993, entitled "Red Blood and Snow." "By the way, I've been a communist for about three years," was said to be the poem's closing line. Jenott's defense counsel, Tim Dunn, attacked Samberg's credibility. According to the Observer, Samberg had acknowledged "falsifying a weapons qualification record." Prosecutors tried to build the case that Jenott was a communist Chinese defector in waiting by trotting out one of Jenott's platoon members, Nicolas Salado. Salado had travelled with Jenott in February 1996 to visit Quihang Liu in Knoxville. Salado testified that he saw Jenott and Liu access Playboy's site on the Internet -- a known hotspot of communists -- and that Jenott spoke to Liu in Chinese. Prosecutor Matthew Wilkov claimed Jenott burned his passport because he wanted to defect. The defense countered that Jenott merely wanted to be a tourist. In keeping with the aura of secrecy that has surrounded the court martial, military judge Fred Arquilla closed the court to the public a number of times, supposedly due to the discussion of classified material, according to the Observer. At one point, a witness' name rank and unit were classified. The Observer reporter got it anyway and published the name of the classified soldier: "Alan Castle." Willkov said Jenott had also hacked systems run by by the Joint Chiefs of Staff, the secretary of the Army, the Department of Defense, the Army, the Navy and the Air Force -- installing password sniffers on them during the process. On Friday, Fred Arquilla locked the public out of the trail for all but three minutes. The rest of the day the court was closed under a court order for military secrecy. Digested from Fayetteville Observer daily news reports: http://www.foto.com . George Smith Crypt Newsletter http://www.soci.niu.edu/~crypt ------------------------------ Date: Wed, 20 Nov 1996 08:16:38 -0500 (EST) From: Noah Subject: File 7--BoS: Serious BIND resolver problem (fwd) Source -Noah ---------- Forwarded message ---------- Date--Mon, 18 Nov 1996 22:53:16 -0700 (MST) From--Oliver Friedrichs Subject--BoS--Serious BIND resolver problem Secure Networks Inc. Security Advisory November 18, 1996 Vulnerability in Unchecked DNS Data. In research for our upcoming network auditing tool, we have uncovered a serious problem present in implementations of BIND which trust invalid data sent to them. This vulnerability specifically applies to hostname to address resolution and can result in local and remote users obtaining root privileges. It is recommended that security conscious users upgrade to the latest version of the BIND resolver immediately. Information on obtaining the latest official release is provided at the end of this message. Technical Details ~~~~~~~~~~~~~~~~~ When a standard hostname lookup is performed on internet connected systems, the resulting address should be 4 bytes (Forgetting about IPv6 for now). Assuming that the address will always be 4 bytes, many privileged and unprivileged programs (including network daemons) trust the address length field which is returned from gethostbyname() in the hostent structure. By trusting the length field returned by DNS to be 4 bytes, it then copies the address into a 4 byte address variable. The vulnerability exists due to the fact that we can specify the size of IP address data within the DNS packet ourselves. By specifying a size larger than 4 bytes, an overflow occurs, as the program attempts to copy the data into the 4 byte structure it has allocated to store the address. One example of this vulnerability occurs in rcmd.c, the standard BSD library routine which is used by rsh and rlogin to remotely connect to systems. Note that the code itself is not faulty, however the resolver implementation is. Example code follows: hp = gethostbyname(*ahost); if (hp == NULL) { herror(*ahost); return (-1); } *ahost = hp->h_name; . . . bzero(&sin, sizeof sin); sin.sin_len = sizeof(struct sockaddr_in); sin.sin_family = hp->h_addrtype; sin.sin_port = rport; bcopy(hp->h_addr_list[0], &sin.sin_addr, hp->h_length); In this example, we copy hp->h_length ammount of data into the address variable of a sockaddr_in structure, which is 4 bytes. The hp->h_length variable is taken directly from the DNS reply packet. If we now look at how rcmd() declares it's variables, and after looking through rlogin with a debugger, we can determine that this is a dangerous situation. int rcmd(ahost, rport, locuser, remuser, cmd, fd2p) char **ahost; u_short rport; const char *locuser, *remuser, *cmd; int *fd2p; { struct hostent *hp; struct sockaddr_in sin, from; fd_set reads; On further testing, and implementation of exploitation code, we can verify that this is indeed possible via the rlogin service. In order to exploit the problem, we first start a program to send a fake DNS replies. [root@ariel] [Dec 31 1969 11:59:59pm] [~]% ./dnsfake oakmont.secnet.com(4732)->idoru.secnet.com(53) : lookup: random-domain.com (1:1) sent packet fake reply: 270 bytes idoru.secnet.com(53)->oakmont.secnet.com(4732) : reply: random-domain.com (1:1) We then cause rcmd() within rlogin to do a host lookup and response with our false data. [oliver@oakmont] [Dec 31 1969 11:58:59pm] [~]% whoami oliver [oliver@oakmont] [Jan 01 1970 00:00:01am] [~]% rlogin random-domain.com random-domain.com: Connection refused # whoami root # Impact ~~~~~~ By checking common BSD sources, we can see that over 20 local programs are vulnerable to this attack, and possibly 2 remote daemons. The possibility of exploiting local programs may seem insignificant, however if one considers an attacker somewhere on the internet intercepting DNS lookups, and inserting their own replies, it isn't. There is a real threat of passive attacks present here, whereby any user on a network running any of these programs can be a victim. Take for instance traceroute, or ping both of which fall prey to this problem. Aside from stock UN*X programs which ship with most vendor operating systems, there appears to be problems related to h_length in external software packages. Due to the flaw, FWTK (Firewall Toolkit) a freely available firewall kit appears vulnerable. The generic routine, conn_server(), which is utilizied by the proxy servers, appears to trust the data as well. Vulnerable Systems ~~~~~~~~~~~~~~~~~~ At this point we would assume that most vendor systems who have incorporated BIND directly into their operating system are vulnerable. Solaris is not vulnerable according to Casper Dik Fix Information ~~~~~~~~~~~~~~~ The maintainers of BIND, and CERT were notified of this problem several months previous to this posting. We recommend upgrading to the latest release of BIND which solves this problem due to the incorporation of IPv6 address support. The latest official release of BIND is availible at: ftp.vix.com in the directory /pub/bind/release/4.9.5 We wish to acknowledge and thank Theo Deraadt, the maintainer of the OpenBSD operating system for his help in finding and analyzing this problem. More information on OpenBSD can be found at http://www.openbsd.org. - Oliver Friedrichs -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.3ia mQCNAzJATn0AAAEEAJeGbZyoCw14fCoAMeBRKiZ3L6JMbd9f4BtwdtYTwD42/Uz1 A/4UiRJzRLGhARpt1J06NVQEKXQDbejxGIGzAGTcyqUCKH6yNAncqoep3+PKIQJd Kd23buvbk7yUgyVlqQHDDsW0zMKdlSO7rYByT6zsW0Rv5JmHJh/bLKAOe7p9AAUR tCVPbGl2ZXIgRnJpZWRyaWNocyA8b2xpdmVyQHNlY25ldC5jb20+iQCVAwUQMkBO fR/bLKAOe7p9AQEBOAQAkTXiBzf4a31cYYDFmiLWgXq0amQ2lsamdrQohIMEDXe8 45SoGwBzXHVh+gnXCQF2zLxaucKLG3SXPIg+nJWhFczX2Fo97HqdtFmx0Y5IyMgU qRgK/j8KyJRdVliM1IkX8rf3Bn+ha3xn0yrWlTZMF9nL7iVPBsmgyMOuXwZ7ZB8= =xq4f -----END PGP PUBLIC KEY BLOCK----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Oliver Friedrichs - (403) 262-9211 - Secure Networks Inc. Suite 440, 703-6th Avenue S.W. Calgary, AB, Canada, T2P 0T9 ------------------------------ Date: Tue, 26 Nov 1996 09:28:24 -0600 From: "Gilbert L. Sebenste" Subject: File 8--Modems, PPP, who is doing what? (fwd) ((MODERATORS' NOTE: During a busy time of the term, we had some dial-in access problems into our University computer system attributed to faulty modems. Some questions arose about what resources/set-ups other universities have, and a poster to a local discussion group provided the following information. Given the number of CuD readers affililiated with colleges/universities, I thought the following might be of interest -- jt)). Hi gang, Well, after reading the message explosion after the modems got clogged, may of you wonder who is doing what at other universities. The program through which we get our weather data, UNIDATA, asked that of it's participating schools. I think you'll find this interesting. ---------- Forwarded message ---------- Date--Mon, 25 Nov 1996 12:04:54 -0500 (EST) From--Russ De Souza To--community@unidata.ucar.edu Subject--Summary of PPP responses. Additional data from the PA State System of Higher Education (SSHE) is also in report. Laurie attempted to summarize results at bottom. Summary of PPP responses. Additional data from the PA State System. Community Summary of PPP responses + Summary of Information Dial-in Access Availability Non-SSHE Schools University of Nebraska Off-campus users use Internet providers at their own cost; negotiating license with providers for pricing limits and service levels in exchange for providerUs connectivity to campus network. University of Washington Have modem pool for dial-in PPP access; user accounts as validation. Creighton University Contract with USWest - faculty, staff, student, alumni can use their service - unlimited connect time @ $11.95/month. NE Louisiana University PPP/SLIP not implemented due to security concerns. Some departments considering doing limited PPP/SLIP on their own networks. Florida State University 250 lines with PPP connectivity. Individual departments also have limited number of lines on their networks. Busy signals still a problem. Negotiating with IBM for $11.95/month unlimited access time for users. Plymouth State 20 dialups with SLIP/PPP. Busy signals often. Suggestions to users to find Internet Provider at own expense. Lyndon State College >From their research, usually less expensive and easier to administer if access supplied by local provider. Agreement with local provider: college provides installation seminars so local provider reduces connectivity costs. University of Hawaii PPP connectivity provided; 90-minute access time limit (through modem servers); heavily used. Some departments have limited number of dialups available, mainly text-based. University of Iowa Many universities requiring faculty/students to pay for their own SLIP/PPP connections. Have contract with MCI to provide local dial-in phone numbers; $16/month for 60 hours access time. Are phasing out their University-run pool of modems to save $400,000 annually. Rutgers University Dial-ins are handled by Cisco servers and provide a variety of connectivity options (telnet, PPP, SLIP, etc.) Full-time students pay $100/semester for computing services, including networking and dial-up lines. University of Wisconsin - Madison 400 modems, using Cisco routers. Will be increasing to 1,000 modems. Support variety of connectivity options (see Rutgers above). Utah State University 128 dial-in lines, almost all traffic is PPP; evening access limited to 5 hours per week per user. People wanting longer connectivity time to ISPs, $19.95/month unlimited access time. Summary of Information Dial-in Access Availability SSHE Schools Bloomsburg University 56 modems - text only - all users have access. Networking residence halls to support students. 16-modem PPP comm. server - limited to usage by 60 faculty and staff who have a Runiversity based need. Recommending home user to use Internet Providers; at least three local providers, $15 - $20/month for unlimited use. Mansfield University Decision was made to let existing Internet Providers handle graphical dial-in support; recommend Epix and cable company. Edinboro University Do not provide graphical dial-in access; cost prohibitive. Slippery Rock University Text dial-in access provided an no charge. Faculty and students wanted full graphical access are directed to third party providers. Very few complaints from users. Kutztown University Text connectivity only via dial-in access. Arrangement with Prolog as provider for alumni and friends. Average connect time on their text dialups is 17 minutes; Service Provider reports 1 3/4 hours average connect time. Lock Haven University Providing PPP access, in the process of upgrading equipment. Costs: $25,000 for 46 line support, plus phone line costs: $3,000 to install then $1,000 per month. Summary of comments made by people providing information: - The costs of maintaining a modem pool to provide even text-only access has been increasing rapidly over recent years due to a number of factors -- primarily a rapidly increasing base of users wanting this service. (University of Nebraska) - Serious users are still encouraged to go third-party. (Florida State) - There is some justification for getting students to pay for their own off-campus SLIP/PPP Internet access as it turns out that many students have been using the University dial-in lines to browse the WWW for non-academic purposes. (University of Iowa) - There are many issues associated with providing Netscape to off-campus students: - More trunk lines will be needed; - more modems are needed; - Support calls are more difficult than typical text-based connections; - How many modems is enough? Are occasional busy signals accepted? - Should time limits be enforced to prevent net-surfing? - With the need for faster connections every 15 months, where will the funding come from? (28.8 modems yesterday, 33.6 modems today, 57.6 modems tomorrow - gets expensive.) (Bloomsburg) - With a limited number of lines the first 32 persons would be happy, but the majority would be less than happy. (Kutztown) ------------------------------ Date: Thu, 15 Dec 1996 22:51:01 CST From: CuD Moderators Subject: File 9--Cu Digest Header Info (unchanged since 13 Dec, 1996) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send post with this in the "Subject:: line: SUBSCRIBE CU-DIGEST Send the message to: cu-digest-request@weber.ucsd.edu DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS. The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. To UNSUB, send a one-line message: UNSUB CU-DIGEST Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU (NOTE: The address you unsub must correspond to your From: line) Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (860)-585-9638. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown) In ITALY: ZERO! BBS: +39-11-6507540 In LUXEMBOURG: ComNet BBS: +352-466893 UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/CuD ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) The most recent issues of CuD can be obtained from the Cu Digest WWW site at: URL: http://www.soci.niu.edu/~cudigest/ COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #8.88 ************************************